diff --git a/applications/openshift/logging/audit_profile_set/rule.yml b/applications/openshift/logging/audit_profile_set/rule.yml
index 8f06eaa7abe..98c6c527c6f 100644
--- a/applications/openshift/logging/audit_profile_set/rule.yml
+++ b/applications/openshift/logging/audit_profile_set/rule.yml
@@ -57,7 +57,6 @@ references:
nerc-cip: CIP-003-8 R4,CIP-003-8 R4.1,CIP-003-8 R4.2,CIP-003-8 R5.2,CIP-003-8 R6,CIP-004-6 R2.2.2,CIP-004-6 R2.2.3,CIP-004-6 R3.3,CIP-007-3 R.1.3,CIP-007-3 R5,CIP-007-3 R5.1.1,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3,CIP-007-3 R6.5
nist: AU-2,AU-3,AU-3(1),AU-6,AU-6(1),AU-7,AU-7(1),AU-8,AU-8(1),AU-9,AU-12,AU-12(1),AU-12(3),CM-5(1),SI-11,SI-12,SI-4(20),SI-4(23)
pcidss: Req-2.2,Req-12.5.5
- pcidss4: '10.2.2'
srg: SRG-APP-000089-CTR-000150,SRG-APP-000090-CTR-000155,SRG-APP-000101-CTR-000205
ocil_clause: 'The proper audit profile is not set'
diff --git a/controls/ccn_rhel9.yml b/controls/ccn_rhel9.yml
index 716b20e026f..4dba64f7a42 100644
--- a/controls/ccn_rhel9.yml
+++ b/controls/ccn_rhel9.yml
@@ -12,6 +12,8 @@ levels:
- id: advanced
inherits_from:
- intermediate
+reference_type: ccn
+product: rhel9
controls:
- id: reload_dconf_db
diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml
index eb942fe1100..1905a924367 100644
--- a/controls/pcidss_4.yml
+++ b/controls/pcidss_4.yml
@@ -5,6 +5,7 @@ version: '4.0'
source: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
levels:
- id: base
+reference_type: pcidss4
controls:
- id: '1.1'
diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml
index 33f815ff59f..bad97d2752e 100644
--- a/controls/stig_rhel9.yml
+++ b/controls/stig_rhel9.yml
@@ -3,6 +3,8 @@ title: 'Red Hat Enterprise Linux 9 Security Technical Implementation Guide'
id: stig_rhel9
source: https://public.cyber.mil/stigs/downloads/
version: V1R2
+reference_type: stigid
+product: rhel9
levels:
- id: high
- id: medium
diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
index 39941135670..2747e7470e9 100644
--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
+++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
@@ -34,7 +34,6 @@ references:
iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.IP-1,PR.PT-3
- pcidss4: "2.2.4"
ocil_clause: |-
{{{ ocil_clause_service_disabled(service="avahi-daemon") }}}
diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
index 45a7019bff7..43abd89064f 100644
--- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml
+++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
@@ -41,7 +41,6 @@ references:
stigid@ol8: OL08-00-010670
stigid@rhel7: RHEL-07-021300
stigid@rhel8: RHEL-08-010670
- stigid@rhel9: RHEL-09-213115
stigid@sle12: SLES-12-010840
stigid@sle15: SLES-15-040190
stigid@ubuntu2004: UBTU-20-010413
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
index 4266fc52e66..7b496326c80 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232235
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.d", group="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
index 544b5c14d2d..29333f5d5eb 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232235
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.daily", group="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_deny/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_deny/rule.yml
index 0698582d0ce..e9537e2f7fe 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_deny/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_deny/rule.yml
@@ -21,7 +21,6 @@ references:
disa: CCI-000366
nist: CM-6 b
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232235
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.deny", group="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
index db0822f363f..e6f13be150e 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232235
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.hourly", group="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
index b14857d5a70..e3d661078b1 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232235
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.monthly", group="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
index bc7d8afc4c2..03724238c10 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232235
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/cron.weekly", group="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
index 99a060ed355..6d07c8a6c84 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232235
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/crontab", group="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
index 916b2ac640f..b78cd0f1e5a 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232230
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.d", owner="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
index 4f942c80e55..c4c4e76455d 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232230
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.daily", owner="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_deny/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_deny/rule.yml
index 1ee1c19ca33..f14726e4227 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_deny/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_deny/rule.yml
@@ -21,7 +21,6 @@ references:
disa: CCI-000366
nist: CM-6 b
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232230
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.deny", owner="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
index e4bd7193469..d29abfc01dc 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232230
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.hourly", owner="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
index 100f361853c..f7649ff2689 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232230
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.monthly", owner="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
index 513d1e8ba8b..1d938a1e312 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232230
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/cron.weekly", owner="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
index 017762dce9a..0c4e1b952a6 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232230
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/crontab", owner="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml
index 6a829f9b308..358d24db3f8 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232040
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.d", perms="-rwx------") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml
index dd66cee2159..761f1432b17 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232040
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.daily", perms="-rwx------") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml
index dc100913b7b..a0480835e1e 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232040
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.hourly", perms="-rwx------") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml
index 4aa2f7130c2..827de1a5f8a 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232040
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.monthly", perms="-rwx------") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml
index 5cebffd96a1..607955f7d34 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232040
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.weekly", perms="-rwx------") }}}'
diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml
index 218e4d9ba4f..4e00aa78143 100644
--- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml
@@ -32,9 +32,7 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232265
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/crontab", perms="-rw-------") }}}'
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml
index fa647f39b57..3b4fa70ba85 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml
@@ -24,7 +24,6 @@ references:
cis@sle12: 5.1.9
cis@sle15: 5.1.9
cis@ubuntu2204: 5.1.9
- pcidss4: "2.2.6"
ocil_clause: 'the file /etc/at.deny exists'
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml
index 4d4884b7b9f..c8f347ceb30 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml
@@ -25,7 +25,6 @@ references:
cis@sle12: 5.1.8
cis@sle15: 5.1.8
cis@ubuntu2204: 5.1.8
- pcidss4: "2.2.6"
ocil_clause: 'the file /etc/cron.deny exists'
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml
index 3889917ad57..9f59839ca4b 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml
@@ -24,7 +24,6 @@ references:
cis@sle15: 5.1.9
cis@ubuntu2004: 5.1.9
cis@ubuntu2204: 5.1.9
- pcidss4: "2.2.6"
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/at.allow", group="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml
index 07d1bea6b6b..d7ba7b7b18b 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml
@@ -33,7 +33,6 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-021120
stigid@rhel7: RHEL-07-021120
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml
index b3eac89941a..c9cdded1ab1 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml
@@ -25,7 +25,6 @@ references:
cis@sle15: 5.1.9
cis@ubuntu2004: 5.1.9
cis@ubuntu2204: 5.1.9
- pcidss4: "2.2.6"
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/at.allow", owner="root") }}}'
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml
index f3dfc376034..a53cc7e2514 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml
@@ -34,7 +34,6 @@ references:
cis@sle15: 5.1.9
cis@ubuntu2004: 5.1.9
cis@ubuntu2204: 5.1.9
- pcidss4: "2.2.6"
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/at.allow", perms=target_perms) }}}'
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml
index 1f76fea48d1..e0dc09ca19b 100644
--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml
+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml
@@ -35,7 +35,6 @@ references:
cis@sle15: 5.1.8
cis@ubuntu2004: 5.1.8
cis@ubuntu2204: 5.1.8
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/cron.allow", perms=target_perms) }}}'
diff --git a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml
index 2c2653a66aa..7464cd5ffdb 100644
--- a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml
+++ b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml
@@ -31,7 +31,6 @@ references:
iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
nist: CM-6(a)
nist-csf: PR.IP-1,PR.PT-3
- pcidss4: "2.2.6"
ocil: |-
{{{ ocil_service_enabled(service="cron") }}}
diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml
index 4706e9217c9..41a92670a0d 100644
--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml
+++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml
@@ -40,7 +40,6 @@ references:
iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.IP-1,PR.PT-3
- pcidss4: "2.2.4"
{{% if 'ubuntu' in product %}}
{{{ complete_ocil_entry_package(package="isc-dhcp-server") }}}
diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml
index d770f8048b4..c3090bdcedc 100644
--- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml
+++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml
@@ -21,7 +21,6 @@ identifiers:
cce@sle15: CCE-91285-7
references:
- ccn@rhel9: A.8.SEC-RHEL4
cis-csc: 11,14,3,9
cis@sle12: 2.2.9
cis@sle15: 2.2.9
diff --git a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
index 52fc6fe6983..9638b09639f 100644
--- a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
+++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
@@ -23,7 +23,6 @@ references:
srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00230
stigid@ol8: OL08-00-040135
stigid@rhel8: RHEL-08-040135
- stigid@rhel9: RHEL-09-433010
ocil_clause: 'the fapolicyd package is not installed'
diff --git a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
index d7dd2954b8c..73abf83e0b0 100644
--- a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
+++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
@@ -25,7 +25,6 @@ references:
srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00230
stigid@ol8: OL08-00-040136
stigid@rhel8: RHEL-08-040136
- stigid@rhel9: RHEL-09-433015
ocil_clause: 'the service is not enabled'
diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
index cbb01d547f3..615a5cbc906 100644
--- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
+++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
@@ -19,7 +19,6 @@ identifiers:
cce@sle15: CCE-85700-3
references:
- ccn@rhel9: A.8.SEC-RHEL4
cis-csc: 11,14,3,9
cis@sle12: 2.2.10
cis@sle15: 2.2.10
@@ -37,7 +36,6 @@ references:
stigid@ol8: OL08-00-040360
stigid@rhel7: RHEL-07-040690
stigid@rhel8: RHEL-08-040360
- stigid@rhel9: RHEL-09-215015
stigid@sle12: SLES-12-030011
stigid@sle15: SLES-15-010030
diff --git a/linux_os/guide/services/ftp/package_ftp_removed/rule.yml b/linux_os/guide/services/ftp/package_ftp_removed/rule.yml
index 5dcb35b0896..f23a5c8396a 100644
--- a/linux_os/guide/services/ftp/package_ftp_removed/rule.yml
+++ b/linux_os/guide/services/ftp/package_ftp_removed/rule.yml
@@ -24,8 +24,6 @@ identifiers:
cce@rhel8: CCE-90745-1
cce@rhel9: CCE-86075-9
-references:
- pcidss4: '2.2.4'
ocil: '{{{ describe_package_remove(package="ftp") }}}'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml
index 088e2450a41..2d78161900a 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml
@@ -22,8 +22,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80548-1
-references:
- stigid: WA00612
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml
index d6021c0a30b..c787ba84d42 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml
@@ -22,8 +22,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80551-5
-references:
- stigid: WG110
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml
index 7ee5c36e19f..235a2a6bf0f 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml
@@ -23,9 +23,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80561-4
-references:
- stigid: WG237
-
ocil_clause: 'it is not'
ocil: |-
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml
index 73d7d332b5b..4da7b09ef66 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml
@@ -23,9 +23,6 @@ rationale: |-
severity: low
-references:
- stigid: WG610
-
ocil_clause: 'it is not'
ocil: |-
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml
index 3fb175dc09c..f4fbeaafd62 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml
@@ -20,8 +20,5 @@ rationale: |-
severity: high
-references:
- stigid: WG230
-
ocil: |-
{{{ ocil_service_enabled(service="sshd") }}}
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml
index a2505705fee..5a475fef79c 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml
@@ -21,9 +21,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80562-2
-references:
- stigid: WG255
-
ocil: |-
{{{ describe_file_owner(file="/var/log/httpd", owner="root") }}}
{{{ describe_file_owner(file="/var/log/httpd/*", owner="root") }}}
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml
index a63c3a05ced..aa2fec173b1 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml
@@ -30,8 +30,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80560-6
-references:
- stigid: WG460
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml
index 052cfe635c2..1b102c63b44 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml
@@ -21,8 +21,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80555-6
-references:
- stigid: WG210
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml
index ad91dff5e9c..4bc4ce7b52f 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml
@@ -22,8 +22,6 @@ severity: high
identifiers:
cce@rhel7: CCE-80556-4
-references:
- stigid: WG290
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml
index 84790f2a1fe..4a4fd4c403b 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml
@@ -22,8 +22,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80553-1
-references:
- stigid: WG430
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml
index de22d2de072..e20ace7dfa9 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml
@@ -22,8 +22,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80554-9
-references:
- stigid: WG400
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml
index 1358d90f6d3..6b81044cff9 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml
@@ -16,8 +16,6 @@ rationale: |-
severity: medium
-references:
- stigid: "WG370"
ocil_clause: 'either of these exist and they configure csh, or any other shell as a viewer for documents'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml
index a5cc250135e..cce226b5a75 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml
@@ -21,8 +21,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-81130-7
-references:
- stigid: WA00605
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml
index 08db5e03d92..a8708803715 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml
@@ -24,8 +24,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80550-7
-references:
- stigid: WA00620
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml
index dc7a29bc334..0b5527469c4 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml
@@ -22,8 +22,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80549-9
-references:
- stigid: WA00615
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml
index 3938ee99b82..e7b23624ca5 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml
@@ -17,8 +17,6 @@ rationale: |-
severity: medium
-references:
- stigid: "WG050"
ocil_clause: 'the web server password(s) are not entrusted to the SA or Web Manager'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml
index 8cb744c11ea..8929e49c1b3 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml
@@ -22,8 +22,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80552-3
-references:
- stigid: WG240
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml
index 38e8fa02dfd..d96af355760 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml
@@ -24,8 +24,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80557-2
-references:
- stigid: WG340
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml
index ccd9284f196..727f0100ac5 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml
@@ -22,8 +22,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80559-8
-references:
- stigid: WG350
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml
index a6303e7c96b..bdb6554a7ba 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml
@@ -20,8 +20,6 @@ severity: medium
identifiers:
cce@rhel7: CCE-80558-0
-references:
- stigid: WG140
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml
index 28db5719e5b..bc86e555023 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml
@@ -26,8 +26,6 @@ rationale: |-
severity: medium
-references:
- stigid: "WA060"
ocil_clause: 'the web server is not isolated in an accredited DoD DMZ Extension'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml
index 6b101c7a961..12cada578a6 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml
@@ -14,8 +14,6 @@ rationale: |-
severity: medium
-references:
- stigid: "WG080"
ocil_clause: |-
the web server is part of an application suite and a comiler is needed
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml
index 3beea540604..d1616994550 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml
@@ -20,8 +20,6 @@ rationale: |-
severity: medium
-references:
- stigid: "WA070"
ocil_clause: 'the private web server is not on a separate controlled access subnet'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml
index 27023ede790..358dd11b6c2 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml
@@ -21,8 +21,6 @@ rationale: |-
severity: medium
-references:
- stigid: "WG040"
ocil_clause: |-
sharing is selected for any web folder, this is a finding.
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml
index 48acab856ae..99cc7c8b152 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml
@@ -24,8 +24,6 @@ rationale: |-
severity: medium
-references:
- stigid: "WG420"
ocil_clause: |-
If fileos with these extensions have no relationship with web activity,
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml
index 4fad9ed43a8..a514cda0a95 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml
@@ -22,8 +22,6 @@ rationale: |-
severity: low
-references:
- stigid: WG265
ocil_clause: 'it is not display the required banner'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml
index f44e9c692f4..11c87b77414 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml
@@ -21,8 +21,6 @@ rationale: |-
severity: low
-references:
- stigid: WG170
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml
index aefc58fd840..567092bced0 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml
@@ -19,8 +19,6 @@ rationale: |-
severity: high
-references:
- stigid: WG360
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml
index 76cbb66052c..d1f1c6e5894 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml
@@ -15,8 +15,6 @@ rationale: |-
severity: high
-references:
- stigid: WG235
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml
index 75fc2eecab3..5db56b6a84a 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml
@@ -18,8 +18,6 @@ rationale: |-
severity: low
-references:
- stigid: WG490
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml
index ef062c1bc3a..cd29471f9d6 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml
@@ -28,8 +28,6 @@ rationale: |-
severity: medium
-references:
- stigid: WG310
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml
index 0a75e26b87e..dfc445269fe 100644
--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml
+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml
@@ -19,8 +19,6 @@ rationale: |-
severity: medium
-references:
- stigid: WG205
ocil_clause: 'it is not'
diff --git a/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml b/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml
index 75589441d72..483036c146f 100644
--- a/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml
+++ b/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml
@@ -18,7 +18,6 @@ identifiers:
cce@rhel9: CCE-88120-1
references:
- ccn@rhel9: A.8.SEC-RHEL4
cis@ubuntu2004: 2.2.11
cis@ubuntu2204: 2.2.10
diff --git a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml
index 246657b7bf8..c2ad79d8036 100644
--- a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml
+++ b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml
@@ -24,7 +24,6 @@ identifiers:
cce@sle15: CCE-91369-9
references:
- ccn@rhel9: A.8.SEC-RHEL4
cis@sle12: 2.2.12
cis@sle15: 2.2.12
cis@ubuntu2004: 2.2.11
diff --git a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
index 13751ebbd36..9326eac2165 100644
--- a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
+++ b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
@@ -27,7 +27,6 @@ references:
srg: SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010161
stigid@rhel8: RHEL-08-010161
- stigid@rhel9: RHEL-09-611205
platforms:
- krb5_server_older_than_1_17-18 and krb5_workstation_older_than_1_17-18
diff --git a/linux_os/guide/services/mail/package_s-nail_installed/rule.yml b/linux_os/guide/services/mail/package_s-nail_installed/rule.yml
index ecc270b9e8a..e8def29b95a 100644
--- a/linux_os/guide/services/mail/package_s-nail_installed/rule.yml
+++ b/linux_os/guide/services/mail/package_s-nail_installed/rule.yml
@@ -20,7 +20,6 @@ references:
disa: CCI-001744
nist: CM-3(5)
srg: SRG-OS-000363-GPOS-00150
- stigid@rhel9: RHEL-09-215095
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
index 7849c3ab338..4daf930b402 100644
--- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
+++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
@@ -34,7 +34,6 @@ references:
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040002
stigid@rhel8: RHEL-08-040002
- stigid@rhel9: RHEL-09-215020
{{{ complete_ocil_entry_package(package="sendmail") }}}
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml
index d05f18b7193..587786ee71e 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml
@@ -30,7 +30,6 @@ references:
nist: CM-6(a)
nist@sle12: AU-5(a),AU-5.1(ii)
srg: SRG-OS-000046-GPOS-00022
- stigid@rhel9: RHEL-09-653125
stigid@sle12: SLES-12-020050
stigid@sle15: SLES-15-030580
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml
index d81aa3e4112..1f8ff583121 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml
@@ -30,7 +30,6 @@ references:
srg: SRG-OS-000046-GPOS-00022
stigid@ol8: OL08-00-030030
stigid@rhel8: RHEL-08-030030
- stigid@rhel9: RHEL-09-252060
ocil_clause: 'the alias is not set or is not root'
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
index c2663d9eaca..690c57319fc 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
@@ -35,7 +35,6 @@ references:
iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.IP-1,PR.PT-3
- pcidss4: "1.4.2"
ocil_clause: 'it does not'
diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
index 4f38c42c808..8cf59a2ed64 100644
--- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
+++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
@@ -27,7 +27,6 @@ references:
stigid@ol8: OL08-00-040290
stigid@rhel7: RHEL-07-040680
stigid@rhel8: RHEL-08-040290
- stigid@rhel9: RHEL-09-252050
ocil_clause: 'the "smtpd_client_restrictions" parameter contains any entries other than "permit_mynetworks" and "reject"'
diff --git a/linux_os/guide/services/mask_nonessential_services/rule.yml b/linux_os/guide/services/mask_nonessential_services/rule.yml
index 0c1817126cd..bf40400f24b 100644
--- a/linux_os/guide/services/mask_nonessential_services/rule.yml
+++ b/linux_os/guide/services/mask_nonessential_services/rule.yml
@@ -28,7 +28,6 @@ identifiers:
references:
cis@sle12: "2.4"
cis@sle15: "2.4"
- pcidss4: "2.2.4"
ocil_clause: 'nonessential service is present and unmasked'
diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
index 62fa2153426..9829263e230 100644
--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
@@ -28,7 +28,6 @@ identifiers:
references:
cis@sle12: 2.2.8
cis@sle15: 2.2.8
- pcidss4: "2.2.4"
template:
name: service_disabled
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml
index 405848a23ca..23749e1c84f 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml
@@ -29,7 +29,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040750
stigid@rhel7: RHEL-07-040750
- stigid@rhel9: RHEL-09-231060
ocil_clause: 'the setting is not configured, has the ''sys'' option added, or does not have all Kerberos options added'
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
index 0b3c6a1a17a..4ee195ec1c2 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010640
stigid@rhel8: RHEL-08-010640
- stigid@rhel9: RHEL-09-231065
ocil_clause: 'the setting does not show'
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
index c8da85560e9..12a587730cc 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
@@ -34,7 +34,6 @@ references:
stigid@ol8: OL08-00-010630
stigid@rhel7: RHEL-07-021021
stigid@rhel8: RHEL-08-010630
- stigid@rhel9: RHEL-09-231070
stigid@sle12: SLES-12-010820
stigid@sle15: SLES-15-040170
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
index 96ef1d137be..ad0f9666986 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
@@ -32,7 +32,6 @@ references:
stigid@ol8: OL08-00-010650
stigid@rhel7: RHEL-07-021020
stigid@rhel8: RHEL-08-010650
- stigid@rhel9: RHEL-09-231075
stigid@sle12: SLES-12-010810
stigid@sle15: SLES-15-040160
diff --git a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml
index 978370fe7bf..b81fb5425c2 100644
--- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml
@@ -27,7 +27,6 @@ references:
cis@sle12: 2.2.7
cis@sle15: 2.2.7
srg: SRG-OS-000095-GPOS-00049
- stigid@rhel9: RHEL-09-215025
{{{ complete_ocil_entry_package(package="nfs-utils") }}}
diff --git a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
index 87f4bbaddd9..eebe0fe1e00 100644
--- a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
@@ -29,7 +29,6 @@ references:
srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-030741
stigid@rhel8: RHEL-08-030741
- stigid@rhel9: RHEL-09-252025
ocil_clause: 'the "port" option is not set to "0", is commented out, or is missing'
diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
index 7384d0e0edd..d2606da14c4 100644
--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-030742
stigid@rhel8: RHEL-08-030742
- stigid@rhel9: RHEL-09-252030
ocil_clause: 'the "cmdport" option is not set to "0", is commented out, or is missing'
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
index 03acce7563f..0a25263b6ac 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
@@ -95,7 +95,6 @@ references:
stigid@ol8: OL08-00-030740
stigid@rhel7: RHEL-07-040500
stigid@rhel8: RHEL-08-030740
- stigid@rhel9: RHEL-09-252020
stigid@sle12: SLES-12-030300
stigid@sle15: SLES-15-010400
stigid@ubuntu2004: UBTU-20-010435
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
index 34771256fb3..b8e74433f6e 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
@@ -45,12 +45,10 @@ identifiers:
cce@sle15: CCE-91360-8
references:
- ccn@rhel9: A.3.SEC-RHEL3
cis@sle12: 2.2.1.3
cis@sle15: 2.2.1.3
cis@ubuntu2004: 2.2.1.3
cis@ubuntu2204: 2.1.2.2
- pcidss4: '10.6.3'
ocil_clause: 'chronyd is not running under chrony user account'
diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml
index 556495bccfe..0b386f6bcb9 100644
--- a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml
@@ -24,7 +24,6 @@ references:
srg: SRG-OS-000355-GPOS-00143,SRG-OS-000356-GPOS-00144,SRG-OS-000359-GPOS-00146
stigid@ol8: OL08-00-030740
stigid@rhel8: RHEL-08-030740
- stigid@rhel9: RHEL-09-252020
ocil_clause: 'an authoritative remote time server is not configured or configured with pool directive'
diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml
index 928b79aa492..914dcf059b4 100644
--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml
@@ -28,7 +28,6 @@ identifiers:
cce@sle15: CCE-85833-2
references:
- ccn@rhel9: A.3.SEC-RHEL3
cis@sle12: 2.2.1.3
cis@sle15: 2.2.1.3
cis@ubuntu2004: 2.2.1.3
@@ -36,10 +35,8 @@ references:
ism: 0988,1405
nist: CM-6(a),AU-8(1)(a)
pcidss: Req-10.4.3
- pcidss4: "10.6.2"
srg: SRG-OS-000355-GPOS-00143
stigid@rhel8: RHEL-08-030740
- stigid@rhel9: RHEL-09-252020
ocil_clause: 'a remote time server is not configured'
diff --git a/linux_os/guide/services/ntp/ntpd_specify_multiple_servers/rule.yml b/linux_os/guide/services/ntp/ntpd_specify_multiple_servers/rule.yml
index 895ed26f14a..6f1399b3e77 100644
--- a/linux_os/guide/services/ntp/ntpd_specify_multiple_servers/rule.yml
+++ b/linux_os/guide/services/ntp/ntpd_specify_multiple_servers/rule.yml
@@ -33,4 +33,3 @@ references:
nist: CM-6(a),AU-8(1)(a),AU-8(2)
nist-csf: PR.PT-1
pcidss: Req-10.4.3
- pcidss4: "10.6.2"
diff --git a/linux_os/guide/services/ntp/ntpd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/ntpd_specify_remote_server/rule.yml
index d50e8558572..7a95b5772fb 100644
--- a/linux_os/guide/services/ntp/ntpd_specify_remote_server/rule.yml
+++ b/linux_os/guide/services/ntp/ntpd_specify_remote_server/rule.yml
@@ -34,7 +34,6 @@ references:
nist: CM-6(a),AU-8(1)(a)
nist-csf: PR.PT-1
pcidss: Req-10.4.1,Req-10.4.3
- pcidss4: '10.6.2'
ocil_clause: 'this is not the case'
diff --git a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
index 8ac082c62f6..70d2084d15d 100644
--- a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
+++ b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
@@ -25,7 +25,6 @@ identifiers:
cce@sle15: CCE-91229-5
references:
- ccn@rhel9: A.3.SEC-RHEL3
cis@sle12: 2.2.1.1
cis@sle15: 2.2.1.1
cis@ubuntu2004: 2.2.1.1
@@ -33,9 +32,7 @@ references:
ism: 0988,1405
ospp: FMT_SMF_EXT.1
pcidss: Req-10.4
- pcidss4: "10.6.1"
srg: SRG-OS-000355-GPOS-00143
- stigid@rhel9: RHEL-09-252010
stigid@ubuntu2004: UBTU-20-010435
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml
index 45486e82b9c..59a1be32b73 100644
--- a/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml
+++ b/linux_os/guide/services/ntp/service_chronyd_enabled/rule.yml
@@ -30,7 +30,6 @@ references:
cis@ubuntu2204: 2.1.2.3
ism: 0988,1405
srg: SRG-OS-000355-GPOS-00143
- stigid@rhel9: RHEL-09-252015
ocil_clause: 'the chronyd process is not running'
diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
index a3f9228a624..8833d723508 100644
--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
+++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
@@ -57,7 +57,6 @@ references:
nist: CM-6(a),AU-8(1)(a),AU-12(1)
nist-csf: PR.PT-1
pcidss: Req-10.4.1
- pcidss4: "10.6.1"
srg: SRG-APP-000116-CTR-000235
ocil: |-
diff --git a/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml b/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml
index c375c0f2509..bb3ac288b36 100644
--- a/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml
+++ b/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml
@@ -38,7 +38,6 @@ references:
nist: CM-6(a),AU-8(1)(a)
nist-csf: PR.PT-1
pcidss: Req-10.4
- pcidss4: 10.6.1
ocil: |-
{{{ ocil_service_enabled(service="ntp") }}}
diff --git a/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml
index a54c9257bb6..3cfd6d06708 100644
--- a/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml
+++ b/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml
@@ -37,7 +37,6 @@ references:
nist: CM-6(a),AU-8(1)(a)
nist-csf: PR.PT-1
pcidss: Req-10.4
- pcidss4: '10.6.1'
ocil: |-
{{{ ocil_service_enabled(service="ntpd") }}}
diff --git a/linux_os/guide/services/ntp/service_timesyncd_configured/rule.yml b/linux_os/guide/services/ntp/service_timesyncd_configured/rule.yml
index fed83cde68e..f5afd4ef6b0 100644
--- a/linux_os/guide/services/ntp/service_timesyncd_configured/rule.yml
+++ b/linux_os/guide/services/ntp/service_timesyncd_configured/rule.yml
@@ -30,7 +30,6 @@ references:
cis@sle15: 2.2.1.2
disa: CCI-001891
pcidss: Req-10.4.3
- pcidss4: Req-10.6.2
ocil_clause: 'a remote time server is not configured'
diff --git a/linux_os/guide/services/ntp/service_timesyncd_enabled/rule.yml b/linux_os/guide/services/ntp/service_timesyncd_enabled/rule.yml
index faf50cd6d1d..7e2ee284164 100644
--- a/linux_os/guide/services/ntp/service_timesyncd_enabled/rule.yml
+++ b/linux_os/guide/services/ntp/service_timesyncd_enabled/rule.yml
@@ -39,7 +39,6 @@ references:
nist: CM-6(a),AU-8(1)(a)
nist-csf: PR.PT-1
pcidss: Req-10.4
- pcidss4: "10.6.1"
ocil: |-
{{{ ocil_service_enabled(service="systemd_timesyncd") }}}
diff --git a/linux_os/guide/services/ntp/service_timesyncd_root_distance_configured/rule.yml b/linux_os/guide/services/ntp/service_timesyncd_root_distance_configured/rule.yml
index 6df2c99acb3..4d32b6db732 100644
--- a/linux_os/guide/services/ntp/service_timesyncd_root_distance_configured/rule.yml
+++ b/linux_os/guide/services/ntp/service_timesyncd_root_distance_configured/rule.yml
@@ -25,7 +25,6 @@ references:
cis@sle15: 2.2.1.2
disa: CCI-001891
pcidss: Req-10.4.3
- pcidss4: Req-10.6.2
ocil_clause: 'a remote time server RootDistanceMaxSec is not configured'
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml
index a7fe34a1bfd..ba96f00d559 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml
@@ -33,7 +33,6 @@ references:
iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
- pcidss4: "2.2.4"
ocil: |-
If network services are using the xinetd service, this is not applicable.
diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml
index 831cc834f0a..10bac615f95 100644
--- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml
@@ -29,7 +29,6 @@ references:
cis@sle12: 2.3.1
cis@sle15: 2.3.1
hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
- pcidss4: "2.2.4"
ocil: '{{{ describe_package_remove(package="ypbind") }}}'
diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml
index f91d7fa8dd4..0414eabc785 100644
--- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml
@@ -36,11 +36,9 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a),IA-5(1)(c)
nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
pcidss: Req-2.2.2
- pcidss4: "2.2.4"
srg: SRG-OS-000095-GPOS-00049
stigid@ol7: OL07-00-020010
stigid@rhel7: RHEL-07-020010
- stigid@rhel9: RHEL-09-215030
{{{ complete_ocil_entry_package(package="ypserv") }}}
diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
index ec023c1632a..a0e4996aa53 100644
--- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
@@ -30,7 +30,6 @@ references:
stigid@ol8: OL08-00-010460
stigid@rhel7: RHEL-07-040550
stigid@rhel8: RHEL-08-010460
- stigid@rhel9: RHEL-09-252070
stigid@sle12: SLES-12-010410
stigid@sle15: SLES-15-040030
diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
index 15af7c1696b..6240cdc305d 100644
--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
@@ -33,7 +33,6 @@ references:
stigid@ol8: OL08-00-010470
stigid@rhel7: RHEL-07-040540
stigid@rhel8: RHEL-08-010470
- stigid@rhel9: RHEL-09-252075
stigid@sle12: SLES-12-010400
stigid@sle15: SLES-15-040020
diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
index b59efff1672..a6bf08a6813 100644
--- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
@@ -33,13 +33,11 @@ references:
iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2
nist: CM-7(a),CM-7(b),CM-6(a),IA-5(1)(c)
nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
- pcidss4: '2.2.4'
srg: SRG-OS-000095-GPOS-00049
stigid@ol7: OL07-00-020000
stigid@ol8: OL08-00-040010
stigid@rhel7: RHEL-07-020000
stigid@rhel8: RHEL-08-040010
- stigid@rhel9: RHEL-09-215035
stigid@ubuntu2004: UBTU-20-010406
{{{ complete_ocil_entry_package(package="rsh-server") }}}
diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml
index 5cb8908377c..bf34d21069f 100644
--- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml
@@ -40,7 +40,6 @@ references:
cui: 3.1.13
hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
iso27001-2013: A.8.2.3,A.13.1.1,A.13.2.1,A.13.2.3,A.14.1.2,A.14.1.3
- pcidss4: "2.2.4"
{{% if 'ubuntu' not in product %}}
ocil: '{{{ describe_package_remove(package="rsh") }}}'
diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
index 39af03d946d..cf2c7464eda 100644
--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
+++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
@@ -24,7 +24,6 @@ identifiers:
references:
cis@sle12: 2.2.17
cis@sle15: 2.2.17
- pcidss4: "2.2.4"
ocil_clause: |-
{{{ ocil_clause_service_disabled(service="rsyncd") }}}
diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml
index 57372d8fce4..e5ebfb14030 100644
--- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml
@@ -21,7 +21,6 @@ identifiers:
references:
hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
- pcidss4: '2.2.4'
{{{ complete_ocil_entry_package(package="talk-server") }}}
diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml
index 7747aee79d7..9990302beb7 100644
--- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml
@@ -30,7 +30,6 @@ references:
cis@ubuntu2004: 2.3.3
cis@ubuntu2204: 2.3.3
hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
- pcidss4: "2.2.4"
{{{ complete_ocil_entry_package(package="talk") }}}
diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
index 432a3278f97..8e2e184509a 100644
--- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
@@ -31,7 +31,6 @@ identifiers:
cce@sle15: CCE-83273-3
references:
- ccn@rhel9: A.8.SEC-RHEL4
cis-csc: 11,12,14,15,3,8,9
cis@sle12: 2.2.19
cis@sle15: 2.2.19
@@ -44,13 +43,11 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
pcidss: Req-2.2.2
- pcidss4: "2.2.4"
srg: SRG-OS-000095-GPOS-00049
stigid@ol7: OL07-00-021710
stigid@ol8: OL08-00-040000
stigid@rhel7: RHEL-07-021710
stigid@rhel8: RHEL-08-040000
- stigid@rhel9: RHEL-09-215040
stigid@sle12: SLES-12-030000
stigid@sle15: SLES-15-010180
diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml
index a52e6ee1793..a16fee71835 100644
--- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml
@@ -30,7 +30,6 @@ references:
cui: 3.1.13
hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
iso27001-2013: A.8.2.3,A.13.1.1,A.13.2.1,A.13.2.3,A.14.1.2,A.14.1.3
- pcidss4: "2.2.4"
ocil: '{{{ describe_package_remove(package="telnet") }}}'
diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
index f915495ac1c..6b97936e7e6 100644
--- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
@@ -24,7 +24,6 @@ identifiers:
cce@sle15: CCE-91227-9
references:
- ccn@rhel9: A.8.SEC-RHEL4
cis-csc: 11,12,14,15,3,8,9
cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06
disa: CCI-000318,CCI-000366,CCI-000368,CCI-001812,CCI-001813,CCI-001814
@@ -33,13 +32,11 @@ references:
iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
- pcidss4: '2.2.4'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040700
stigid@ol8: OL08-00-040190
stigid@rhel7: RHEL-07-040700
stigid@rhel8: RHEL-08-040190
- stigid@rhel9: RHEL-09-215060
{{{ complete_ocil_entry_package(package="tftp-server") }}}
diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml
index 6181a830978..5d66007d88d 100644
--- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml
@@ -23,8 +23,6 @@ identifiers:
cce@sle12: CCE-91465-5
cce@sle15: CCE-91158-6
-references:
- pcidss4: '2.2.4'
ocil: '{{{ describe_package_remove(package="tftp") }}}'
diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml
index 10ca185266d..6e5cedf703b 100644
--- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml
+++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml
@@ -47,7 +47,6 @@ references:
stigid@ol8: OL08-00-040350
stigid@rhel7: RHEL-07-040720
stigid@rhel8: RHEL-08-040350
- stigid@rhel9: RHEL-09-252055
ocil_clause: |-
{{%- if product in ["rhel7","ol7","rhel8","ol8","rhv4"] %}}
diff --git a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml
index ab6839e6d22..315c4a92992 100644
--- a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml
+++ b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml
@@ -21,7 +21,6 @@ identifiers:
{{{ complete_ocil_entry_package(package="squid") }}}
references:
- ccn@rhel9: A.8.SEC-RHEL4
cis@sle12: 2.2.14
cis@sle15: 2.2.14
cis@ubuntu2004: 2.2.13
diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
index 2764446e310..4c675f52ca0 100644
--- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
+++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
@@ -24,7 +24,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010473
stigid@rhel8: RHEL-08-010471
- stigid@rhel9: RHEL-09-211035
{{% if product == "ol8" %}}
platform: os_linux[ol]<8.4 or not runtime_kernel_fips_enabled
diff --git a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml
index 22104a80780..4f27df32398 100644
--- a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml
+++ b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml
@@ -29,7 +29,6 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.PT-4
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-215065
{{{ complete_ocil_entry_package(package="quagga") }}}
diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
index 10f684554b7..0d71bcc5efe 100644
--- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
+++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
@@ -27,12 +27,10 @@ identifiers:
cce@sle15: CCE-91288-1
references:
- ccn@rhel9: A.8.SEC-RHEL4
cis@sle12: 2.2.15
cis@sle15: 2.2.15
cis@ubuntu2004: 2.2.14
cis@ubuntu2204: 2.2.13
- pcidss4: "2.2.4"
{{% if pkg_manager != "apt_get" %}}
{{{ complete_ocil_entry_package(package="net-snmp") }}}
diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
index 8bd7a74a6d5..08641d27527 100644
--- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
+++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
@@ -35,7 +35,6 @@ references:
nist: AC-17(a),CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-255105
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/ssh/sshd_config", group="root") }}}'
diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
index 8e8aafecccd..7920293cacd 100644
--- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
+++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
@@ -35,7 +35,6 @@ references:
nist: AC-17(a),CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-255110
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/ssh/sshd_config", owner="root") }}}'
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
index 45b7a0771b4..9bff1ca8798 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
@@ -34,9 +34,7 @@ references:
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: AC-17(a),CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-255115
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/ssh/sshd_config", perms="-rw-------") }}}'
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
index 74ee8d00c1b..e4f1b1363e3 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
@@ -49,13 +49,11 @@ references:
nist: AC-17(a),CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-2.2.4
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040420
stigid@ol8: OL08-00-010490
stigid@rhel7: RHEL-07-040420
stigid@rhel8: RHEL-08-010490
- stigid@rhel9: RHEL-09-255120
stigid@sle12: SLES-12-030220
stigid@sle15: SLES-15-040250
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
index 7fec2a42a90..695fd89eed4 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
@@ -33,13 +33,11 @@ references:
nist: AC-17(a),CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-2.2.4
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040410
stigid@ol8: OL08-00-010480
stigid@rhel7: RHEL-07-040410
stigid@rhel8: RHEL-08-010480
- stigid@rhel9: RHEL-09-255125
stigid@sle12: SLES-12-030210
stigid@sle15: SLES-15-040240
diff --git a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml
index b20463434b8..22deb295567 100644
--- a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml
+++ b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml
@@ -19,7 +19,6 @@ identifiers:
references:
ospp: FIA_UAU.5,FTP_ITC_EXT.1,FCS_SSH_EXT.1,FCS_SSHC_EXT.1
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-255020
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
index 2a665e70edd..98477336174 100644
--- a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
+++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
@@ -32,7 +32,6 @@ references:
stigid@ol8: OL08-00-040159
stigid@rhel7: RHEL-07-040300
stigid@rhel8: RHEL-08-040159
- stigid@rhel9: RHEL-09-255010
stigid@ubuntu2004: UBTU-20-010042
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
index ba53a8c3dbb..2f20d7736f9 100644
--- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
+++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
@@ -41,7 +41,6 @@ references:
stigid@ol8: OL08-00-040160
stigid@rhel7: RHEL-07-040310
stigid@rhel8: RHEL-08-040160
- stigid@rhel9: RHEL-09-255015
stigid@sle12: SLES-12-030100
stigid@sle15: SLES-15-010530
stigid@ubuntu2004: UBTU-20-010042
diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml
index e886b61d99c..1d3d5d859df 100644
--- a/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml
@@ -24,7 +24,6 @@ identifiers:
references:
srg: SRG-OS-000067-GPOS-00035
stigid@rhel8: RHEL-08-010100
- stigid@rhel9: RHEL-09-611190
ocil_clause: 'no ssh private key is accessible without a passcode'
diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml
index 67acbd27e37..5463354fea0 100644
--- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml
@@ -48,11 +48,9 @@ references:
nist: AC-3,AC-17(a),CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.AC-4,PR.AC-6,PR.IP-1,PR.PT-3
ospp: FIA_UAU.1
- pcidss4: "8.3.1"
srg: SRG-OS-000480-GPOS-00229
stigid@ol7: OL07-00-010470
stigid@rhel7: RHEL-07-010470
- stigid@rhel9: RHEL-09-255080
{{{ complete_ocil_entry_sshd_option(default="yes", option="HostbasedAuthentication", value="no") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml
index 6e6b8e16eb9..ba7033a1fab 100644
--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml
@@ -26,7 +26,6 @@ references:
ism: "1416"
nist: AC-17(a),CM-6(b),CM-7(a),CM-7(b)
srg: SRG-OS-000096-GPOS-00050
- stigid@rhel9: RHEL-09-251035
platform: machine
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml
index c1d415513e5..184502a043c 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml
@@ -39,7 +39,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040470
stigid@rhel7: RHEL-07-040470
- stigid@rhel9: RHEL-09-255130
stigid@sle12: SLES-12-030250
ocil_clause: 'it is commented out, or is not set to no or delayed'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
index 42e0684eb69..26e35c7c5b0 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
@@ -48,13 +48,11 @@ references:
nist@sle15: CM-6(b),CM-6.1(iv)
ospp: FIA_UAU.1
pcidss: Req-2.2.4
- pcidss4: "2.2.6"
srg: SRG-OS-000106-GPOS-00053,SRG-OS-000480-GPOS-00229,SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-010300
stigid@ol8: OL08-00-020330
stigid@rhel7: RHEL-07-010300
stigid@rhel8: RHEL-08-020330
- stigid@rhel9: RHEL-09-255040
stigid@sle12: SLES-12-030150
stigid@sle15: SLES-15-040440
stigid@ubuntu2004: UBTU-20-010047
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml
index 8fc2c97356d..84e5d497fa2 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml
@@ -44,7 +44,6 @@ references:
stigid@ol8: OL08-00-010522
stigid@rhel7: RHEL-07-040430
stigid@rhel8: RHEL-08-010522
- stigid@rhel9: RHEL-09-255135
{{{ complete_ocil_entry_sshd_option(default="yes", option="GSSAPIAuthentication", value="no") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml
index 969e5a708e8..05de4709b64 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml
@@ -45,7 +45,6 @@ references:
stigid@ol8: OL08-00-010521
stigid@rhel7: RHEL-07-040440
stigid@rhel8: RHEL-08-010521
- stigid@rhel9: RHEL-09-255140
{{{ complete_ocil_entry_sshd_option(default="yes", option="KerberosAuthentication", value="no") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml
index 11c0f817792..6bd14d991b1 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml
@@ -44,11 +44,9 @@ references:
nist: AC-17(a),CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.AC-4,PR.AC-6,PR.IP-1,PR.PT-3
ospp: FIA_UAU.1
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040350
stigid@rhel7: RHEL-07-040350
- stigid@rhel9: RHEL-09-255145
{{{ complete_ocil_entry_sshd_option(default="yes", option="IgnoreRhosts", value="yes") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
index 2c475553de2..c4b786ae9be 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
@@ -45,13 +45,11 @@ references:
nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5,PR.PT-3
ospp: FAU_GEN.1
pcidss: Req-2.2.4
- pcidss4: "2.2.6"
srg: SRG-OS-000109-GPOS-00056,SRG-OS-000480-GPOS-00227,SRG-APP-000148-CTR-000335,SRG-APP-000190-CTR-000500
stigid@ol7: OL07-00-040370
stigid@ol8: OL08-00-010550
stigid@rhel7: RHEL-07-040370
stigid@rhel8: RHEL-08-010550
- stigid@rhel9: RHEL-09-255045
stigid@sle12: SLES-12-030140
stigid@sle15: SLES-15-020040
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml
index 1452ccc28a3..efb75a79139 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml
@@ -25,7 +25,6 @@ references:
cis@sle15: 5.2.20
cis@ubuntu2004: 5.2.20
cis@ubuntu2204: 5.2.16
- pcidss4: "2.2.6"
ocil_clause: "The AllowTcpForwarding option exists and is disabled"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
index 780b846b0a9..0bb62b7c93c 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
@@ -41,7 +41,6 @@ references:
stigid@ol8: OL08-00-010520
stigid@rhel7: RHEL-07-040380
stigid@rhel8: RHEL-08-010520
- stigid@rhel9: RHEL-09-255150
stigid@sle12: SLES-12-030200
stigid@sle15: SLES-15-040230
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
index 7861ecc62d4..8728eeb0874 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
@@ -39,13 +39,11 @@ references:
disa: CCI-000366
nist: CM-6(b)
nist@sle15: CM-6.1(iv)
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040710
stigid@ol8: OL08-00-040340
stigid@rhel7: RHEL-07-040710
stigid@rhel8: RHEL-08-040340
- stigid@rhel9: RHEL-09-255155
stigid@sle15: SLES-15-040290
stigid@ubuntu2004: UBTU-20-010048
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
index b3b1d7448d7..c29598260d9 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
@@ -43,13 +43,11 @@ references:
nist-csf: PR.IP-1
nist@sle15: CM-6(b),CM-6.1(iv)
pcidss: Req-2.2.4
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00229
stigid@ol7: OL07-00-010460
stigid@ol8: OL08-00-010830
stigid@rhel7: RHEL-07-010460
stigid@rhel8: RHEL-08-010830
- stigid@rhel9: RHEL-09-255085
stigid@sle12: SLES-12-030151
stigid@sle15: SLES-15-040440
stigid@ubuntu2004: UBTU-20-010047
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml
index d6015c36e3f..080e05beaee 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml
@@ -33,9 +33,7 @@ references:
cis@ubuntu2004: 5.2.19
cis@ubuntu2204: 5.2.6
disa: CCI-000877
- pcidss4: '2.2.6'
srg: SRG-OS-000125-GPOS-00065
- stigid@rhel9: RHEL-09-255050
stigid@ubuntu2004: UBTU-20-010035
{{{ complete_ocil_entry_sshd_option(default="no", option="UsePAM", value="yes") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml
index 8aea15b7dc7..23654a9d081 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pubkey_auth/rule.yml
@@ -29,7 +29,6 @@ identifiers:
references:
disa: CCI-000765,CCI-000766,CCI-000767,CCI-000768
srg: SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055
- stigid@rhel9: RHEL-09-255035
stigid@ubuntu2004: UBTU-20-010033
{{{ complete_ocil_entry_sshd_option(default="no", option="PubkeyAuthentication", value="yes") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
index 65cf32d3ce7..32289015478 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
@@ -44,7 +44,6 @@ references:
stigid@ol8: OL08-00-010500
stigid@rhel7: RHEL-07-040450
stigid@rhel8: RHEL-08-010500
- stigid@rhel9: RHEL-09-255160
stigid@sle12: SLES-12-030230
stigid@sle15: SLES-15-040260
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
index 66fe150a7aa..2ac928bb65c 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
@@ -46,7 +46,6 @@ references:
stigid@ol8: OL08-00-010040
stigid@rhel7: RHEL-07-040170
stigid@rhel8: RHEL-08-010040
- stigid@rhel9: RHEL-09-255025
stigid@sle12: SLES-12-030050
stigid@sle15: SLES-15-010040
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml
index da16b30cb44..95301fc60c7 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml
@@ -28,7 +28,6 @@ identifiers:
cce@rhel9: CCE-87979-1
references:
- ccn@rhel9: A.11.SEC-RHEL4
cis@ubuntu2004: 5.2.18
cis@ubuntu2204: 5.2.17
cjis: 5.5.6
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml
index 6d6c5730967..02bee6dbe5b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml
@@ -51,7 +51,6 @@ identifiers:
cce@sle15: CCE-91343-4
references:
- ccn@rhel9: A.11.SEC-RHEL2
cis-csc: 11,12,14,15,16,18,3,5
cis@sle12: 5.2.4
cis@sle15: 5.2.4
@@ -66,7 +65,6 @@ references:
nist: AC-3,CM-6(a)
nist-csf: PR.AC-4,PR.AC-6,PR.PT-3
pcidss: Req-2.2.4
- pcidss4: "2.2.6"
warnings:
- general: |-
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
index 59b6850a0c3..68550406122 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
@@ -39,7 +39,6 @@ references:
stigid@ol8: OL08-00-020350
stigid@rhel7: RHEL-07-040360
stigid@rhel8: RHEL-08-020350
- stigid@rhel9: RHEL-09-255165
stigid@sle12: SLES-12-030130
stigid@sle15: SLES-15-020120
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml
index 8cb93257c70..9b1f144d7e1 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000033-GPOS-00014
stigid@ol8: OL08-00-040161
stigid@rhel8: RHEL-08-040161
- stigid@rhel9: RHEL-09-255090
ocil_clause: 'it is commented out or is not set'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
index 3e278af5a38..9e9dca3e22f 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
@@ -38,7 +38,6 @@ identifiers:
cce@sle15: CCE-83281-6
references:
- ccn@rhel9: A.5.SEC-RHEL7
cis-csc: 1,12,13,14,15,16,18,3,5,7,8
cis@sle12: 5.2.16
cis@sle15: 5.2.16
@@ -55,13 +54,11 @@ references:
nist: CM-6(a),AC-17(a),AC-2(5),AC-12,AC-17(a),SC-10,CM-6(a)
nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.IP-2
pcidss: Req-8.1.8
- pcidss4: "8.2.8"
srg: SRG-OS-000126-GPOS-00066,SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109,SRG-OS-000395-GPOS-00175
stigid@ol7: OL07-00-040320
stigid@ol8: OL08-00-010201
stigid@rhel7: RHEL-07-040320
stigid@rhel8: RHEL-08-010201
- stigid@rhel9: RHEL-09-255100
stigid@sle12: SLES-12-030190
stigid@sle15: SLES-15-010280
stigid@ubuntu2004: UBTU-20-010037
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
index 331783acde7..e94e8a6bc74 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
@@ -32,7 +32,6 @@ identifiers:
cce@sle15: CCE-91228-7
references:
- ccn@rhel9: A.5.SEC-RHEL7
cis-csc: 1,12,13,14,15,16,18,3,5,7,8
cis@sle12: 5.2.16
cis@sle15: 5.2.16
@@ -50,10 +49,8 @@ references:
nist: AC-2(5),AC-12,AC-17(a),SC-10,CM-6(a)
nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.IP-2
pcidss: Req-8.1.8
- pcidss4: "8.2.8"
srg: SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109
stigid@rhel8: RHEL-08-010200
- stigid@rhel9: RHEL-09-255095
stigid@sle12: SLES-12-030191
stigid@sle15: SLES-15-010320
stigid@ubuntu2004: UBTU-20-010036
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml
index 6522cf3e0f5..11cf26a5375 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml
@@ -27,7 +27,6 @@ references:
cis@sle15: 5.2.17
cis@ubuntu2004: 5.2.16
cis@ubuntu2204: 5.2.21
- pcidss4: '2.2.6'
ocil_clause: 'it is commented out or not configured properly'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml
index a0e19632052..7b6f37fabbb 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml
@@ -34,9 +34,7 @@ references:
nerc-cip: CIP-007-3 R7.1
nist: AC-17(a),AC-17(1),CM-6(a)
pcidss: Req-2.2.4
- pcidss4: "2.2.6"
srg: SRG-OS-000032-GPOS-00013
- stigid@rhel9: RHEL-09-255030
stigid@sle12: SLES-12-030110
stigid@sle15: SLES-15-010150
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml
index 83190a2da30..595a6684e30 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml
@@ -28,7 +28,6 @@ references:
cis@ubuntu2004: 5.2.6
cis@ubuntu2204: 5.2.18
ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
- pcidss4: "2.2.6"
ocil_clause: 'it is commented out or not configured properly'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml
index ab8fb218970..d48f00f942d 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml
@@ -26,7 +26,6 @@ references:
cis@sle15: 5.2.22
cis@ubuntu2004: 5.2.22
cis@ubuntu2204: 5.2.20
- pcidss4: "2.2.6"
ocil_clause: "MaxSessions is not configured or not configured correctly"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml
index d6e3a71ccbd..0fe0bffb3bb 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml
@@ -32,7 +32,6 @@ references:
cis@sle15: 5.2.21
cis@ubuntu2004: 5.2.21
cis@ubuntu2204: 5.2.19
- pcidss4: "2.2.6"
ocil_clause: 'maxstartups is not configured'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
index 48134579cb5..2801ac8511f 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
@@ -66,7 +66,6 @@ references:
iso27001-2013: A.11.2.6,A.12.1.2,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.5.1,A.12.6.2,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.18.1.4,A.6.1.2,A.6.2.1,A.6.2.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-17(a),AC-17(2),SC-13,MA-4(6),IA-5(1)(c),SC-12(2),SC-12(3)
nist-csf: PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.AC-7,PR.IP-1,PR.PT-1,PR.PT-3,PR.PT-4
- pcidss4: "2.2.7"
srg: SRG-OS-000033-GPOS-00014,SRG-OS-000120-GPOS-00061,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
stigid@sle12: SLES-12-030170
stigid@sle15: SLES-15-010160
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
index 3e15c017d82..db30ff8d061 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
@@ -59,7 +59,6 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.11.2.6,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.6.2.1,A.6.2.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-17(a),AC-17(2),SC-13,MA-4(6),SC-12(2),SC-12(3)
nist-csf: PR.AC-1,PR.AC-3,PR.DS-5,PR.PT-4
- pcidss4: "2.2.7"
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000394-GPOS-00174
stigid@sle12: SLES-12-030180
stigid@sle15: SLES-15-010270
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml
index 50c5ef57ac1..8fef777e753 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml
@@ -37,7 +37,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040460
stigid@rhel7: RHEL-07-040460
- stigid@rhel9: RHEL-09-255170
stigid@sle12: SLES-12-030240
stigid@sle15: SLES-15-040270
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml
index 0f1fe8be89f..a2ffc8f02e1 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml
@@ -29,7 +29,6 @@ references:
cis@ubuntu2004: 5.2.14
cis@ubuntu2204: 5.2.15
pcidss: Req-2.3
- pcidss4: "2.2.7"
ocil_clause: 'KexAlgorithms option is commented out or not using strong hash algorithms'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
index c3694805ca2..509de2a3000 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
@@ -39,7 +39,6 @@ references:
stigid@ol8: OL08-00-040341
stigid@rhel7: RHEL-07-040711
stigid@rhel8: RHEL-08-040341
- stigid@rhel9: RHEL-09-255175
stigid@sle12: SLES-12-030261
stigid@ubuntu2004: UBTU-20-010049
diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml
index df4e1980787..7ed2eede257 100644
--- a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml
@@ -25,7 +25,6 @@ references:
srg: SRG-OS-000375-GPOS-00160,SRG-OS-000377-GPOS-00162
stigid@ol8: OL08-00-010400
stigid@rhel8: RHEL-08-010400
- stigid@rhel9: RHEL-09-611170
ocil_clause: 'certificate_verification in sssd is not configured'
diff --git a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml
index 6791df75f50..c633d6f9fab 100644
--- a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml
@@ -31,7 +31,6 @@ references:
srg: SRG-OS-000068-GPOS-00036
stigid@ol8: OL08-00-020090
stigid@rhel8: RHEL-08-020090
- stigid@rhel9: RHEL-09-631015
warnings:
- general: |-
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
index b4d3143745b..bb15da50b7b 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
@@ -48,11 +48,9 @@ references:
disa: CCI-001954,CCI-000765,CCI-000766,CCI-000767,CCI-000768
ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
pcidss: Req-8.3
- pcidss4: "8.4"
srg: SRG-OS-000375-GPOS-00160,SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055
stigid@ol8: OL08-00-020250
stigid@rhel8: RHEL-08-020250
- stigid@rhel9: RHEL-09-611165
ocil_clause: 'smart cards are not enabled in SSSD'
diff --git a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
index 65eb8d8b33f..7c5b263209a 100644
--- a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
@@ -37,7 +37,6 @@ references:
srg: SRG-OS-000066-GPOS-00034,SRG-OS-000384-GPOS-00167
stigid@ol8: OL08-00-010090
stigid@rhel8: RHEL-08-010090
- stigid@rhel9: RHEL-09-631010
warnings:
- general: |-
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
index c889c63bfc5..97bb894c981 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
@@ -47,7 +47,6 @@ references:
srg: SRG-OS-000383-GPOS-00166
stigid@ol8: OL08-00-020290
stigid@rhel8: RHEL-08-020290
- stigid@rhel9: RHEL-09-631020
stigid@sle12: SLES-12-010680
stigid@sle15: SLES-15-010500
stigid@ubuntu2004: UBTU-20-010441
diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
index 70864f734ed..e0cbdd9ac97 100644
--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
+++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
@@ -27,7 +27,6 @@ references:
srg: SRG-OS-000062-GPOS-00031,SRG-OS-000471-GPOS-00215,SRG-APP-000141-CTR-000315
stigid@ol8: OL08-00-030603
stigid@rhel8: RHEL-08-030603
- stigid@rhel9: RHEL-09-291025
platform: package[usbguard]
diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
index c5b55207f54..fdfbf27e7ce 100644
--- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
+++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
@@ -44,14 +44,12 @@ identifiers:
cce@rhel9: CCE-84203-9
references:
- ccn@rhel9: A.23.SEC-RHEL1
disa: CCI-001958
ism: "1418"
nist: CM-8(3),IA-3
srg: SRG-OS-000378-GPOS-00163,SRG-APP-000141-CTR-000315
stigid@ol8: OL08-00-040139
stigid@rhel8: RHEL-08-040139
- stigid@rhel9: RHEL-09-291015
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
index bbc76cd0945..c3131c2aedb 100644
--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
+++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
@@ -19,7 +19,6 @@ identifiers:
cce@rhel9: CCE-84205-4
references:
- ccn@rhel9: A.23.SEC-RHEL1
disa: CCI-000416,CCI-001958
ism: "1418"
nist: CM-8(3)(a),IA-3
@@ -27,7 +26,6 @@ references:
srg: SRG-OS-000378-GPOS-00163,SRG-APP-000141-CTR-000315
stigid@ol8: OL08-00-040141
stigid@rhel8: RHEL-08-040141
- stigid@rhel9: RHEL-09-291020
ocil_clause: 'the service is not enabled'
diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
index c762f931879..46c7d024b1e 100644
--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
+++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
@@ -20,14 +20,12 @@ identifiers:
cce@rhel9: CCE-88882-6
references:
- ccn@rhel9: A.23.SEC-RHEL1
disa: CCI-000416,CCI-001958
nist: CM-8(3)(a),IA-3
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000378-GPOS-00163
stigid@ol8: OL08-00-040140
stigid@rhel8: RHEL-08-040140
- stigid@rhel9: RHEL-09-291030
ocil_clause: 'there is no evidence that unauthorized peripherals are being blocked before establishing a connection'
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
index 55ecb9f2e86..f6c16152982 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
@@ -42,7 +42,6 @@ references:
stigid@ol8: OL08-00-040320
stigid@rhel7: RHEL-07-040730
stigid@rhel8: RHEL-08-040320
- stigid@rhel9: RHEL-09-215070
ocil_clause: 'xorg related packages are not removed and run level is not correctly configured'
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
index 6fcfe575dd2..fc3356a15bb 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
@@ -38,7 +38,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040321
stigid@rhel8: RHEL-08-040321
- stigid@rhel9: RHEL-09-211030
ocil_clause: 'the system default target is not set to "multi-user.target" and the Information System Security Officer (ISSO) lacks a documented requirement for a graphical user interface'
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
index 13f71129cfa..4c3071d6a7a 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
@@ -94,7 +94,6 @@ identifiers:
cce@sle15: CCE-83262-6
references:
- ccn@rhel9: A.11.SEC-RHEL4
cis-csc: 1,12,15,16
cis@sle12: 1.8.1.2
cis@sle15: 1.8.1.2
@@ -115,7 +114,6 @@ references:
stigid@ol8: OL08-00-010060
stigid@rhel7: RHEL-07-010050
stigid@rhel8: RHEL-08-010060
- stigid@rhel9: RHEL-09-211020
stigid@sle12: SLES-12-010030
stigid@sle15: SLES-15-010020
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml
index 2493f8550f0..625f8f38fd4 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml
@@ -55,7 +55,6 @@ identifiers:
cce@sle15: CCE-91350-9
references:
- ccn@rhel9: A.11.SEC-RHEL4
cis@sle12: 1.8.1.3
cis@sle15: 1.8.1.3
cis@ubuntu2004: 1.8.1.3
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
index 445a852bed0..3992fc2eda3 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
@@ -55,7 +55,6 @@ identifiers:
cce@sle15: CCE-91349-1
references:
- ccn@rhel9: A.11.SEC-RHEL4
cis@sle12: 1.8.1.1
cis@sle15: 1.8.1.1
cis@ubuntu2004: 1.8.1.1
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
index 6be8214512f..34a6edf1bdb 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
@@ -27,7 +27,6 @@ references:
cis@sle15: 1.8.1.6
cis@ubuntu2004: 1.8.1.6
cis@ubuntu2204: 1.7.6
- pcidss4: '1.2.8'
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/issue.net", group="root") }}}'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
index afd1d71ba57..c1a771b5fe2 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
@@ -27,7 +27,6 @@ references:
cis@sle15: 1.8.1.6
cis@ubuntu2004: 1.8.1.6
cis@ubuntu2204: 1.7.6
- pcidss4: '1.2.8'
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/issue.net", owner="root") }}}'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
index 6ec5240ec24..a2a284ce24d 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
@@ -27,7 +27,6 @@ references:
cis@sle15: 1.8.1.6
cis@ubuntu2004: 1.8.1.6
cis@ubuntu2204: 1.7.6
- pcidss4: '1.2.8'
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/issue.net", perms="-rw-r--r--") }}}'
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
index cbcdad22627..330a62f9743 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
@@ -37,7 +37,6 @@ identifiers:
cce@sle15: CCE-83265-9
references:
- ccn@rhel9: A.11.SEC-RHEL4
cis-csc: 1,12,15,16
cis@sle12: "1.9"
cis@sle15: "1.10"
@@ -57,7 +56,6 @@ references:
stigid@ol8: OL08-00-010049
stigid@rhel7: RHEL-07-010030
stigid@rhel8: RHEL-08-010049
- stigid@rhel9: RHEL-09-271010,RHEL-09-271015
stigid@sle12: SLES-12-010040
stigid@sle15: SLES-15-010080
stigid@ubuntu2004: UBTU-20-010002
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
index 35c4c21c14b..4ebe3c4e60e 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
@@ -41,7 +41,6 @@ identifiers:
cce@sle15: CCE-83266-7
references:
- ccn@rhel9: A.11.SEC-RHEL4
cis-csc: 1,12,15,16
cis@sle12: "1.10"
cis@sle15: "1.10"
diff --git a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
index 0859ad2d59c..2c5fbef58f3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
@@ -31,7 +31,6 @@ references:
stigid@ol8: OL08-00-010385
stigid@rhel7: RHEL-07-010344
stigid@rhel8: RHEL-08-010385
- stigid@rhel9: RHEL-09-611145
stigid@sle12: SLES-12-010114
stigid@sle15: SLES-15-020104
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
index b96e9f3dbf1..de75b66b2c6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
@@ -50,13 +50,11 @@ references:
nist: AC-9,AC-9(1)
nist-csf: PR.AC-7
pcidss: Req-10.2.4
- pcidss4: "10.2.1.4"
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040530
stigid@ol8: OL08-00-020340
stigid@rhel7: RHEL-07-040530
stigid@rhel8: RHEL-08-020340
- stigid@rhel9: RHEL-09-412075
stigid@sle12: SLES-12-010390
stigid@sle15: SLES-15-020080
stigid@ubuntu2004: UBTU-20-010453
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
index 8df3cf84bda..49dad8c557b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
@@ -21,7 +21,6 @@ references:
srg: SRG-OS-000021-GPOS-00005
stigid@ol8: OL08-00-020026
stigid@rhel8: RHEL-08-020026
- stigid@rhel9: RHEL-09-611035
ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/password-auth" file with the "preauth" line listed before pam_unix.so'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
index 100446aba60..acc86a1ba15 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
@@ -21,7 +21,6 @@ references:
srg: SRG-OS-000021-GPOS-00005
stigid@ol8: OL08-00-020025
stigid@rhel8: RHEL-08-020025
- stigid@rhel9: RHEL-09-611030
ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/system-auth" file with the "preauth" line listed before pam_unix.so'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
index 680a2f5202d..c3cd0386b42 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
@@ -23,7 +23,6 @@ references:
srg: SRG-OS-000021-GPOS-00005
stigid@ol8: OL08-00-020027,OL08-00-020028
stigid@rhel8: RHEL-08-020027,RHEL-08-020028
- stigid@rhel9: RHEL-09-431020
platform: machine
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
index ec69ff97c25..20835ee9b59 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
@@ -53,13 +53,11 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
nist@sle15: IA-5(1)(e),IA-5(1).1(v)
pcidss: Req-8.2.5
- pcidss4: '8.3.7'
srg: SRG-OS-000077-GPOS-00045
stigid@ol7: OL07-00-010270
stigid@ol8: OL08-00-020220
stigid@rhel7: RHEL-07-010270
stigid@rhel8: RHEL-08-020220
- stigid@rhel9: RHEL-09-611015
ocil_clause: |-
the pam_pwhistory.so module is not used, the "remember" module option is not set in
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
index 031ae0c708b..83841d1421d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
@@ -53,13 +53,11 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
nist@sle15: IA-5(1)(e),IA-5(1).1(v)
pcidss: Req-8.2.5
- pcidss4: '8.3.7'
srg: SRG-OS-000077-GPOS-00045
stigid@ol7: OL07-00-010270
stigid@ol8: OL08-00-020221
stigid@rhel7: RHEL-07-010270
stigid@rhel8: RHEL-08-020221
- stigid@rhel9: RHEL-09-611020
ocil_clause: |-
the pam_pwhistory.so module is not used, the "remember" module option is not set in
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
index cd53ced8fc1..3a23940ea7c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
@@ -40,7 +40,6 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
nist@sle15: IA-5(1)(e),IA-5(1).1(v)
pcidss: Req-8.2.5
- pcidss4: "8.3.7"
srg: SRG-OS-000077-GPOS-00045
stigid@sle15: SLES-15-020250
stigid@ubuntu2004: UBTU-20-010070
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml
index 1bce7f622c6..b52b585b4ed 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml
@@ -20,7 +20,6 @@ references:
srg: SRG-OS-000021-GPOS-00005
stigid@ol8: OL08-00-020020,OL08-00-020021
stigid@rhel8: RHEL-08-020021
- stigid@rhel9: RHEL-09-412045
stigid@ubuntu2004: UBTU-20-010072
{{% if product == "rhel8" %}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
index 0080295806f..9569c5a0057 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
@@ -39,7 +39,6 @@ identifiers:
cce@sle15: CCE-85842-3
references:
- ccn@rhel9: A.30.SEC-RHEL1
cis-csc: 1,12,15,16
cis@ubuntu2204: 5.4.2
cjis: 5.5.3
@@ -54,13 +53,11 @@ references:
nist-csf: PR.AC-7
ospp: FIA_AFL.1
pcidss: Req-8.1.6
- pcidss4: "8.3.4"
srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005
stigid@ol7: OL07-00-010320
stigid@ol8: OL08-00-020010,OL08-00-020011
stigid@rhel7: RHEL-07-010320
stigid@rhel8: RHEL-08-020011
- stigid@rhel9: RHEL-09-411075
stigid@ubuntu2004: UBTU-20-010072
platform: package[pam]
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
index 77498714e3e..b744f39bef0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
@@ -42,7 +42,6 @@ references:
stigid@ol8: OL08-00-020022,OL08-00-020023
stigid@rhel7: RHEL-07-010330
stigid@rhel8: RHEL-08-020023
- stigid@rhel9: RHEL-09-411080
{{% if product == "rhel8" %}}
platform: os_linux[rhel]>=8.2
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
index e199c9f99c3..76c632b16fb 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
@@ -34,7 +34,6 @@ references:
srg: SRG-OS-000021-GPOS-00005,SRG-OS-000329-GPOS-00128
stigid@ol8: OL08-00-020016,OL08-00-020017
stigid@rhel8: RHEL-08-020016,RHEL-08-020017
- stigid@rhel9: RHEL-09-411105
ocil_clause: 'the "dir" option is not set to a non-default documented tally log directory, is missing or commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
index 9b6a6a055e5..d7b53022470 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
@@ -53,7 +53,6 @@ references:
stigid@ol8: OL08-00-020012,OL08-00-020013
stigid@rhel7: RHEL-07-010320
stigid@rhel8: RHEL-08-020012,RHEL-08-020013
- stigid@rhel9: RHEL-09-411085
stigid@ubuntu2004: UBTU-20-010072
platform: package[pam]
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
index b5217cd35e6..914fe30aa02 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
@@ -41,7 +41,6 @@ identifiers:
cce@sle15: CCE-85841-5
references:
- ccn@rhel9: A.30.SEC-RHEL1
cis-csc: 1,12,15,16
cis@ubuntu2204: 5.4.2
cjis: 5.5.3
@@ -56,13 +55,11 @@ references:
nist-csf: PR.AC-7
ospp: FIA_AFL.1
pcidss: Req-8.1.7
- pcidss4: "8.3.4"
srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005
stigid@ol7: OL07-00-010320
stigid@ol8: OL08-00-020014,OL08-00-020015
stigid@rhel7: RHEL-07-010320
stigid@rhel8: RHEL-08-020014,RHEL-08-020015
- stigid@rhel9: RHEL-09-411090
stigid@ubuntu2004: UBTU-20-010072
platform: package[pam]
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml
index 923ec836f0f..d68d6d3190d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml
@@ -46,7 +46,6 @@ references:
disa: CCI-000044
nist@sle12: AC-7(a)
pcidss: Req-8.1.6
- pcidss4: "8.3.4"
srg: SRG-OS-000021-GPOS-00005
stigid@sle12: SLES-12-010130
stigid@sle15: SLES-15-020010
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml
index 87ab1f1fe4f..c20124b7404 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml
@@ -32,7 +32,6 @@ references:
nist-csf: PR.AC-7
ospp: FMT_MOF_EXT.1
pcidss: Req-8.1.7
- pcidss4: "8.3.4"
srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005
ocil_clause: 'unlock_time is less than the expected value'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
index cf71d3539fc..972c2eba75d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
@@ -27,7 +27,6 @@ references:
disa: CCI-000194
nist@sle12: IA-5(a),IA-5(v)
pcidss: Req-8.2.3
- pcidss4: "8.3.6"
srg: SRG-OS-000071-GPOS-00039
stigid@sle12: SLES-12-010170
stigid@sle15: SLES-15-020150
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
index e540fd31f44..1ffde434e25 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
@@ -29,7 +29,6 @@ references:
nist@sle12: IA-5(a),IA-5(v)
nist@sle15: IA-5(1)(a),IA-5(1).1(v)
pcidss: Req-8.2.3
- pcidss4: "8.3.6"
srg: SRG-OS-000070-GPOS-00038
stigid@sle12: SLES-12-010160
stigid@sle15: SLES-15-020140
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
index ebdd32dd5af..94cc54e44e6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
@@ -26,7 +26,6 @@ references:
disa: CCI-000205
nist@sle12: IA-5(1)(a)
pcidss: Req-8.2.3
- pcidss4: "8.3.6"
srg: SRG-OS-000078-GPOS-00046
stigid@sle12: SLES-12-010250
stigid@sle15: SLES-15-020260
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml
index ae26b4b37db..c64de3eb65d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml
@@ -24,7 +24,6 @@ references:
disa: CCI-000366
nist@sle12: CM-6(b),CM-6.1
pcidss: Req-8.1.6,Req-8.1.7
- pcidss4: "8.3.4"
srg: SRG-OS-000480-GPOS-00225
stigid@sle12: SLES-12-010320
stigid@sle15: SLES-15-020290
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
index 8748ff95a59..3e473f85e85 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
@@ -45,13 +45,11 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
ospp: FMT_SMF_EXT.1
pcidss: Req-8.2.3
- pcidss4: '8.3.6'
srg: SRG-OS-000071-GPOS-00039
stigid@ol7: OL07-00-010140
stigid@ol8: OL08-00-020130
stigid@rhel7: RHEL-07-010140
stigid@rhel8: RHEL-08-020130
- stigid@rhel9: RHEL-09-611070
stigid@ubuntu2004: UBTU-20-010052
ocil_clause: 'the value of "dcredit" is a positive number or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
index 06ea46df758..e052504e069 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
@@ -31,7 +31,6 @@ references:
srg: SRG-OS-000480-GPOS-00225
stigid@ol8: OL08-00-020300
stigid@rhel8: RHEL-08-020300
- stigid@rhel9: RHEL-09-611105
stigid@ubuntu2004: UBTU-20-010056
ocil_clause: '"dictcheck" does not have a value other than "0", or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
index a520828ec50..1a5c40bb4c0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
@@ -48,7 +48,6 @@ references:
stigid@ol8: OL08-00-020170
stigid@rhel7: RHEL-07-010160
stigid@rhel8: RHEL-08-020170
- stigid@rhel9: RHEL-09-611115
stigid@ubuntu2004: UBTU-20-010053
ocil_clause: 'the value of "difok" is set to less than "{{{ xccdf_value("var_password_pam_difok") }}}", or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
index 73115f0361f..d47ea551ea1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
@@ -28,7 +28,6 @@ references:
disa: CCI-000194,CCI-000193,CCI-001619,CCI-000205,CCI-000195,CCI-000192,CCI-000366
nist: IA-5(c),IA-5(1)(a),CM-6(a),IA-5(4)
srg: SRG-OS-000072-GPOS-00040,SRG-OS-000071-GPOS-00039,SRG-OS-000070-GPOS-00038,SRG-OS-000266-GPOS-00101,SRG-OS-000078-GPOS-00046,SRG-OS-000480-GPOS-00225,SRG-OS-000069-GPOS-00037
- stigid@rhel9: RHEL-09-611060
ocil_clause: '"enforce_for_root" is commented or missing'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
index c2036b86833..c3a1e6c6d09 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
@@ -45,13 +45,11 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
ospp: FMT_SMF_EXT.1
pcidss: Req-8.2.3
- pcidss4: '8.3.6'
srg: SRG-OS-000070-GPOS-00038
stigid@ol7: OL07-00-010130
stigid@ol8: OL08-00-020120
stigid@rhel7: RHEL-07-010130
stigid@rhel8: RHEL-08-020120
- stigid@rhel9: RHEL-09-611065
stigid@ubuntu2004: UBTU-20-010051
ocil_clause: 'the value of "lcredit" is a positive number or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
index 12a53da3386..97e0e2da970 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
@@ -40,7 +40,6 @@ references:
stigid@ol8: OL08-00-020140
stigid@rhel7: RHEL-07-010190
stigid@rhel8: RHEL-08-020140
- stigid@rhel9: RHEL-09-611120
ocil_clause: the value of "maxclassrepeat" is set to "0", more than "{{{ xccdf_value("var_password_pam_maxclassrepeat") }}}" or is commented out
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
index 34cfba37540..b9967a53c2d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
@@ -42,7 +42,6 @@ references:
stigid@ol8: OL08-00-020150
stigid@rhel7: RHEL-07-010180
stigid@rhel8: RHEL-08-020150
- stigid@rhel9: RHEL-09-611125
ocil_clause: the value of "maxrepeat" is set to more than "{{{ xccdf_value("var_password_pam_maxrepeat") }}}" or is commented out
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
index ce34238ce64..aff25f1399f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
@@ -41,7 +41,6 @@ identifiers:
cce@rhel9: CCE-83563-7
references:
- ccn@rhel9: A.11.SEC-RHEL3
cis-csc: 1,12,15,16,5
cis@ubuntu2004: 5.3.1
cis@ubuntu2204: 5.4.1
@@ -58,7 +57,6 @@ references:
stigid@ol8: OL08-00-020160
stigid@rhel7: RHEL-07-010170
stigid@rhel8: RHEL-08-020160
- stigid@rhel9: RHEL-09-611130
ocil_clause: the value of "minclass" is set to less than "{{{ xccdf_value("var_password_pam_minclass") }}}" or is commented out
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
index f95a0bd746e..a96628d62ec 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
@@ -29,7 +29,6 @@ identifiers:
cce@sle15: CCE-85785-4
references:
- ccn@rhel9: A.11.SEC-RHEL3
cis-csc: 1,12,15,16,5
cis@sle12: 5.3.1
cis@sle15: 5.3.1
@@ -46,13 +45,11 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
ospp: FMT_SMF_EXT.1
pcidss: Req-8.2.3
- pcidss4: '8.3.6'
srg: SRG-OS-000078-GPOS-00046
stigid@ol7: OL07-00-010280
stigid@ol8: OL08-00-020230
stigid@rhel7: RHEL-07-010280
stigid@rhel8: RHEL-08-020230
- stigid@rhel9: RHEL-09-611090
stigid@ubuntu2004: UBTU-20-010054
ocil_clause: 'the command does not return a "minlen" value of "{{{ xccdf_value("var_password_pam_minlen") }}}" or greater, does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
index 7b7d0702d15..65e3b071510 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
@@ -51,7 +51,6 @@ references:
stigid@ol8: OL08-00-020280
stigid@rhel7: RHEL-07-010150
stigid@rhel8: RHEL-08-020280
- stigid@rhel9: RHEL-09-611100
stigid@ubuntu2004: UBTU-20-010055
ocil_clause: 'value of "ocredit" is a positive number or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
index 90a06a460eb..aa2834ad996 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
@@ -25,7 +25,6 @@ references:
srg: SRG-OS-000069-GPOS-00037,SRG-OS-000070-GPOS-00038,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020100
stigid@rhel8: RHEL-08-020100
- stigid@rhel9: RHEL-09-611040
ocil_clause: 'pam_pwquality.so is not enabled in password-auth'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
index c7c408229b0..c66283c1812 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
@@ -25,7 +25,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020101
stigid@rhel8: RHEL-08-020101
- stigid@rhel9: RHEL-09-611045
ocil_clause: 'pam_pwquality.so is not enabled in system-auth'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
index cc8a56c3fee..1a64bc73be7 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
@@ -33,7 +33,6 @@ identifiers:
cce@rhel9: CCE-83569-4
references:
- ccn@rhel9: A.11.SEC-RHEL3
cis-csc: 1,11,12,15,16,3,5,9
cis@ubuntu2004: 5.3.1
cis@ubuntu2204: 5.4.1
@@ -51,7 +50,6 @@ references:
stigid@ol8: OL08-00-020102,OL08-00-020103,OL08-00-020104
stigid@rhel7: RHEL-07-010119
stigid@rhel8: RHEL-08-020104
- stigid@rhel9: RHEL-09-611010
stigid@ubuntu2004: UBTU-20-010057
ocil_clause: 'the value of "retry" is set to "0" or greater than "{{{ xccdf_value("var_password_pam_retry") }}}", or is missing'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
index 862b3222be3..124bfe82256 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
@@ -47,7 +47,6 @@ references:
stigid@ol8: OL08-00-020110
stigid@rhel7: RHEL-07-010120
stigid@rhel8: RHEL-08-020110
- stigid@rhel9: RHEL-09-611110
stigid@ubuntu2004: UBTU-20-010050
ocil_clause: 'the value of "ucredit" is a positive number or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml
index 55a11eeb697..fb1865b041e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_commonauth/rule.yml
@@ -39,7 +39,6 @@ references:
disa: CCI-000803
nist: IA-7,IA-7.1
pcidss: Req-8.2.1
- pcidss4: "8.3.2"
srg: SRG-OS-000120-GPOS-00061
ocil_clause: 'it does not'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
index 6dd7943941f..06a863378f3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
@@ -44,11 +44,9 @@ references:
nist: IA-5(c),IA-5(1)(c),CM-6(a)
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
pcidss: Req-8.2.1
- pcidss4: "8.3.2"
srg: SRG-OS-000073-GPOS-00041
stigid@ol7: OL07-00-010220
stigid@rhel7: RHEL-07-010220
- stigid@rhel9: RHEL-09-611135
ocil_clause: crypt_style is not set to sha512
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
index f1c1490343b..57888da0373 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
@@ -25,7 +25,6 @@ identifiers:
cce@sle15: CCE-83279-0
references:
- ccn@rhel9: A.19.SEC-RHEL3
cis-csc: 1,12,15,16,5
cis@sle12: 5.4.1.1
cis@sle15: 5.4.1.1
@@ -41,13 +40,11 @@ references:
nist: IA-5(c),IA-5(1)(c),CM-6(a)
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
pcidss: Req-8.2.1
- pcidss4: "8.3.2"
srg: SRG-OS-000073-GPOS-00041
stigid@ol7: OL07-00-010210
stigid@ol8: OL08-00-010110
stigid@rhel7: RHEL-07-010210
stigid@rhel8: RHEL-08-010110
- stigid@rhel9: RHEL-09-611140
stigid@sle12: SLES-12-010210
stigid@sle15: SLES-15-010260
stigid@ubuntu2004: UBTU-20-010404
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
index 80c3add66a0..902998cf3bf 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
@@ -40,7 +40,6 @@ identifiers:
cce@rhel9: CCE-85946-2
references:
- ccn@rhel9: A.19.SEC-RHEL3
cis-csc: 1,12,15,16,5
cjis: 5.6.2.2
cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
@@ -58,7 +57,6 @@ references:
stigid@ol8: OL08-00-010160
stigid@rhel7: RHEL-07-010200
stigid@rhel8: RHEL-08-010160
- stigid@rhel9: RHEL-09-671025
ocil_clause: 'it does not'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
index a24ff81cf87..7fae090d474 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
@@ -50,7 +50,6 @@ identifiers:
cce@sle15: CCE-85565-0
references:
- ccn@rhel9: A.19.SEC-RHEL3
cis-csc: 1,12,15,16,5
cjis: 5.6.2.2
cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
@@ -63,7 +62,6 @@ references:
nist: IA-5(c),IA-5(1)(c),CM-6(a)
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
pcidss: Req-8.2.1
- pcidss4: "8.3.2"
srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
stigid@ol7: OL07-00-010200
stigid@ol8: OL08-00-010159
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
index ff59cf9ba8d..7dc77eef14c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
@@ -35,7 +35,6 @@ references:
srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010130
stigid@rhel8: RHEL-08-010130
- stigid@rhel9: RHEL-09-611150
stigid@sle12: SLES-12-010240
stigid@sle15: SLES-15-020190
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
index e5b165ba3f0..690c52aa04a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
@@ -72,7 +72,6 @@ references:
srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040172
stigid@rhel8: RHEL-08-040172
- stigid@rhel9: RHEL-09-211045
stigid@sle15: SLES-15-040062
stigid@ubuntu2004: UBTU-20-010460
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
index 19920708bbc..51c13e050da 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
@@ -77,7 +77,6 @@ references:
stigid@ol8: OL08-00-040170
stigid@rhel7: RHEL-07-020230
stigid@rhel8: RHEL-08-040170
- stigid@rhel9: RHEL-09-211050
stigid@sle12: SLES-12-010610
stigid@sle15: SLES-15-040060
stigid@ubuntu2004: UBTU-20-010460
diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
index 09c4d6591ac..428cea61df1 100644
--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
@@ -47,7 +47,6 @@ references:
nist-csf: PR.AC-4,PR.AC-6,PR.PT-3
ospp: FIA_UAU.1
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-212015
ocil_clause: 'Interactive boot is enabled at boot time'
diff --git a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
index 7dc87e626bb..35220b4d267 100644
--- a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
@@ -41,7 +41,6 @@ references:
srg: SRG-OS-000163-GPOS-00072
stigid@ol8: OL08-00-020035
stigid@rhel8: RHEL-08-020035
- stigid@rhel9: RHEL-09-412080
ocil_clause: "the option is not configured"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
index 7cc8aa2100c..3366217dda3 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
@@ -44,7 +44,6 @@ references:
stigid@ol7: OL07-00-010481
stigid@ol8: OL08-00-010152
stigid@rhel8: RHEL-08-010152
- stigid@rhel9: RHEL-09-611195
ocil_clause: 'the output is different'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
index 1dc9c636681..121c8f619c6 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
@@ -47,7 +47,6 @@ references:
stigid@ol8: OL08-00-010151
stigid@rhel7: RHEL-07-010481
stigid@rhel8: RHEL-08-010151
- stigid@rhel9: RHEL-09-611200
ocil_clause: 'the output is different'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml
index 80bdc7a3c8e..066a8b09abc 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000031-GPOS-00012,SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020041
stigid@rhel8: RHEL-08-020041
- stigid@rhel9: RHEL-09-412015
platform: package[tmux]
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
index 7dc00349c72..64a5fe4fe38 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
@@ -25,7 +25,6 @@ references:
srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012
stigid@ol8: OL08-00-020070
stigid@rhel8: RHEL-08-020070
- stigid@rhel9: RHEL-09-412025
platform: package[tmux]
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
index ca1def0cde0..18cc6fac544 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
@@ -30,7 +30,6 @@ references:
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020040
stigid@rhel8: RHEL-08-020040
- stigid@rhel9: RHEL-09-412020
platform: package[tmux]
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml
index 60f91e405cc..b0baa5b6ba8 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml
@@ -26,7 +26,6 @@ references:
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020040
stigid@rhel8: RHEL-08-020040
- stigid@rhel9: RHEL-09-412020
platform: package[tmux]
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
index 7273c0e035e..21d0295bade 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
@@ -26,7 +26,6 @@ references:
srg: SRG-OS-000324-GPOS-00125,SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020042
stigid@rhel8: RHEL-08-020042
- stigid@rhel9: RHEL-09-412030
ocil_clause: 'tmux is listed in /etc/shells'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
index db6774627b3..de5155c3d05 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
@@ -43,7 +43,6 @@ references:
srg: SRG-OS-000030-GPOS-00011,SRG-OS-000028-GPOS-00009
stigid@ol8: OL08-00-020039
stigid@rhel8: RHEL-08-020039
- stigid@rhel9: RHEL-09-412010
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml
index 9a8bdcb7961..1fe7d2299f9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml
@@ -47,7 +47,6 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
pcidss: Req-8.3
srg: SRG-OS-000104-GPOS-00051,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000109-GPOS-00056,SRG-OS-000108-GPOS-00055,SRG-OS-000108-GPOS-00057,SRG-OS-000108-GPOS-00058
- stigid@rhel9: RHEL-09-611160
ocil_clause: '"{{{ xccdf_value("var_smartcard_drivers") }}}" is not listed as a card driver, or there is no line returned for "card_drivers"'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
index 036d0faf907..4a588977f83 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
@@ -54,7 +54,6 @@ references:
stigid@ol8: OL08-00-010390
stigid@rhel7: RHEL-07-041001
stigid@rhel8: RHEL-08-010390
- stigid@rhel9: RHEL-09-215075
stigid@sle12: SLES-12-030500
stigid@sle15: SLES-15-010460
stigid@ubuntu2004: UBTU-20-010063
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
index 4da85dda72c..dc7ab761ac1 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
@@ -36,7 +36,6 @@ references:
srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161
stigid@ol8: OL08-00-010410
stigid@rhel8: RHEL-08-010410
- stigid@rhel9: RHEL-09-611185
stigid@ubuntu2004: UBTU-20-010064
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
index 395914cb9b0..5ab5b292ce1 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
@@ -22,7 +22,6 @@ references:
ism: 1382,1384,1386
nist: CM-6(a)
srg: SRG-OS-000375-GPOS-00160
- stigid@rhel9: RHEL-09-611175
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
index 85495b3b114..13e9c9b9d56 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
@@ -33,7 +33,6 @@ references:
nist: IA-2(1),IA-2(2),IA-2(3),IA-2(4),IA-2(6),IA-2(7),IA-2(11),CM-6(a)
pcidss: Req-8.3
srg: SRG-OS-000375-GPOS-00160
- stigid@rhel9: RHEL-09-611180
ocil_clause: 'the pcscd service is not enabled'
diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
index b2121a96681..6fefab28a0d 100644
--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
@@ -38,7 +38,6 @@ references:
srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040180
stigid@rhel8: RHEL-08-040180
- stigid@rhel9: RHEL-09-211055
ocil_clause: |-
{{{ ocil_clause_service_disabled(service="debug-shell") }}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
index 3db519ffc02..4b17ec21627 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
@@ -48,13 +48,11 @@ references:
nist: IA-4(e),AC-2(3),CM-6(a)
nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7
pcidss: Req-8.1.4
- pcidss4: "8.2.6"
srg: SRG-OS-000118-GPOS-00060
stigid@ol7: OL07-00-010310
stigid@ol8: OL08-00-020260
stigid@rhel7: RHEL-07-010310
stigid@rhel8: RHEL-08-020260
- stigid@rhel9: RHEL-09-411050
stigid@sle12: SLES-12-010340
stigid@sle15: SLES-15-020050
stigid@ubuntu2004: UBTU-20-010409
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
index 8391e50315f..7cee18af92c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
@@ -46,7 +46,6 @@ references:
stigid@ol8: OL08-00-020000
stigid@rhel7: RHEL-07-010271
stigid@rhel8: RHEL-08-020000,RHEL-08-020270
- stigid@rhel9: RHEL-09-411040
stigid@sle12: SLES-12-010360
stigid@sle15: SLES-15-020000
stigid@ubuntu2004: UBTU-20-010000
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml
index 38f3436d603..6c4767341af 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml
@@ -28,7 +28,6 @@ references:
cjis: 5.5.2
disa: CCI-000770,CCI-000804
pcidss: Req-8.1.1
- pcidss4: "8.2.1"
ocil_clause: 'a line is returned'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml
index 76434116f66..cad3ab87e25 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml
@@ -28,7 +28,6 @@ references:
cis@ubuntu2004: 6.2.17
cis@ubuntu2204: 6.2.4
pcidss: Req-8.2.1
- pcidss4: 8.3.2
ocil_clause: 'shadow group is not empty'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
index 5353a4e9447..93b1213c1c2 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
@@ -24,11 +24,9 @@ references:
disa: CCI-000135,CCI-000764,CCI-000804
nist@sle12: IA-2,IA-2.1,IA-8,IA-8.1
pcidss: Req-8.1.1
- pcidss4: "8.2.1"
srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062,SRG-OS-000042-GPOS-00020
stigid@ol8: OL08-00-020240
stigid@rhel8: RHEL-08-020240
- stigid@rhel9: RHEL-09-411030
stigid@sle12: SLES-12-010640
stigid@sle15: SLES-15-010230
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
index 6961aae7755..a33e5f3d4b4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
@@ -39,7 +39,6 @@ references:
stigid@ol8: OL08-00-020320
stigid@rhel7: RHEL-07-020270
stigid@rhel8: RHEL-08-020320
- stigid@rhel9: RHEL-09-411095
stigid@sle12: SLES-12-010630
stigid@sle15: SLES-15-020090
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
index a13a58cc88d..c3b5c920340 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
@@ -22,9 +22,7 @@ references:
cis@ubuntu2004: 6.2.14
cis@ubuntu2204: 6.2.6
disa: CCI-000764
- pcidss4: "8.2.1"
srg: SRG-OS-000104-GPOS-00051
- stigid@rhel9: RHEL-09-411110
ocil_clause: 'the system has duplicate group ids'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
index a0f19b0533a..f7b6f14ccb3 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
@@ -20,7 +20,6 @@ references:
cis@sle15: 6.2.17
cis@ubuntu2004: 6.2.16
cis@ubuntu2204: 6.2.8
- pcidss4: "8.2.1"
ocil_clause: 'has duplicate group names'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
index a8cc92b17c3..ad3af5b010e 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
@@ -32,7 +32,6 @@ identifiers:
cce@sle15: CCE-85570-0
references:
- ccn@rhel9: A.5.SEC-RHEL5
cis-csc: 1,12,15,16,5
cis@sle12: 5.4.1.2
cis@sle15: 5.4.1.2
@@ -49,13 +48,11 @@ references:
nist: IA-5(f),IA-5(1)(d),CM-6(a)
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
pcidss: Req-8.2.4
- pcidss4: '8.3.9'
srg: SRG-OS-000076-GPOS-00044
stigid@ol7: OL07-00-010250
stigid@ol8: OL08-00-020200
stigid@rhel7: RHEL-07-010250
stigid@rhel8: RHEL-08-020200
- stigid@rhel9: RHEL-09-411010
stigid@sle12: SLES-12-010280
stigid@sle15: SLES-15-020220
stigid@ubuntu2004: UBTU-20-010008
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
index 7f4e0cf1947..5c4a7524815 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
@@ -31,7 +31,6 @@ identifiers:
cce@sle15: CCE-85720-1
references:
- ccn@rhel9: A.5.SEC-RHEL5
cis-csc: 1,12,15,16,5
cis@sle12: 5.4.1.3
cis@sle15: 5.4.1.3
@@ -53,7 +52,6 @@ references:
stigid@ol8: OL08-00-020190
stigid@rhel7: RHEL-07-010230
stigid@rhel8: RHEL-08-020190
- stigid@rhel9: RHEL-09-611075
stigid@sle12: SLES-12-010260
stigid@sle15: SLES-15-020200
stigid@ubuntu2004: UBTU-20-010007
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
index 6a7c5da04c6..10a4ef23c17 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
@@ -47,7 +47,6 @@ references:
srg: SRG-OS-000078-GPOS-00046
stigid@ol8: OL08-00-020231
stigid@rhel8: RHEL-08-020231
- stigid@rhel9: RHEL-09-611095
ocil_clause: 'it is not set to the required value'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
index 58c28272737..3f23b472a2c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
@@ -25,20 +25,17 @@ identifiers:
cce@sle15: CCE-85571-8
references:
- ccn@rhel9: A.5.SEC-RHEL5
cis@sle12: 5.4.1.2
cis@sle15: 5.4.1.2
cis@ubuntu2004: 5.4.1.1
cis@ubuntu2204: 5.5.1.2
disa: CCI-000199
nist: IA-5(f),IA-5(1)(d),CM-6(a)
- pcidss4: '8.3.9'
srg: SRG-OS-000076-GPOS-00044
stigid@ol7: OL07-00-010260
stigid@ol8: OL08-00-020210
stigid@rhel7: RHEL-07-010260
stigid@rhel8: RHEL-08-020210
- stigid@rhel9: RHEL-09-411015
stigid@sle12: SLES-12-010290
stigid@sle15: SLES-15-020230
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
index 0f8a5bf32a7..da2beb59e20 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
@@ -25,7 +25,6 @@ identifiers:
cce@sle15: CCE-85710-2
references:
- ccn@rhel9: A.5.SEC-RHEL5
cis@sle12: 5.4.1.3
cis@sle15: 5.4.1.3
cis@ubuntu2004: 5.4.1.2
@@ -38,7 +37,6 @@ references:
stigid@ol8: OL08-00-020180
stigid@rhel7: RHEL-07-010240
stigid@rhel8: RHEL-08-020180
- stigid@rhel9: RHEL-09-611080
stigid@sle12: SLES-12-010270
stigid@sle15: SLES-15-020210
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
index 74c6c96591f..55bbe1902ac 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
@@ -25,13 +25,11 @@ identifiers:
cce@sle15: CCE-92479-5
references:
- ccn@rhel9: A.5.SEC-RHEL5
cis@sle12: 5.4.1.4
cis@sle15: 5.4.1.4
disa: CCI-000198
nist: IA-5(f),IA-5(1)(d),CM-6(a)
nist@sle15: IA-5(1).1(v)
- pcidss4: '8.3.9'
ocil_clause: 'any results are returned that are not associated with a system account'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml
index 049d45cde3b..06bd9323632 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml
@@ -25,7 +25,6 @@ identifiers:
cce@sle15: CCE-91335-0
references:
- ccn@rhel9: A.5.SEC-RHEL5
cis-csc: 1,12,13,14,15,16,18,3,5,7,8
cis@sle12: 5.4.1.4
cis@sle15: 5.4.1.4
@@ -40,7 +39,6 @@ references:
nist: IA-5(f),IA-5(1)(d),CM-6(a)
nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7
pcidss: Req-8.2.4
- pcidss4: "8.3.9"
ocil_clause: 'it is not set to the required value'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
index f934b886d66..b5f65cd9113 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
@@ -34,7 +34,6 @@ references:
nist: IA-4(e),AC-2(3),CM-6(a)
nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7
pcidss: Req-8.1.4
- pcidss4: '8.2.6'
srg: SRG-OS-000118-GPOS-00060
ocil_clause: 'the value of INACTIVE is greater than the expected value or is -1'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml
index f593046a232..9d0e198b8d4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml
@@ -37,7 +37,6 @@ references:
nist: IA-5(h),CM-6(a)
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
pcidss: Req-8.2.1
- pcidss4: "8.3.2"
# The rule check uses password probe, which doesn't support offline mode
platform: machine
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
index de8560f12f0..0d769323ca3 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
@@ -38,7 +38,6 @@ references:
srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010120
stigid@rhel8: RHEL-08-010120
- stigid@rhel9: RHEL-09-671015
stigid@sle12: SLES-12-010220
stigid@sle15: SLES-15-020180
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml
index 5add42f6341..b50c6a68819 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml
@@ -25,7 +25,6 @@ references:
cis@sle15: 5.4.1.6
cis@ubuntu2004: 5.4.1.5
cis@ubuntu2204: 5.5.1.5
- pcidss4: '8.3.5'
ocil_clause: 'any interactive user password that has last change time in the future'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
index 43b07dcb329..f454d4ef615 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
@@ -38,7 +38,6 @@ identifiers:
references:
disa: CCI-000196
srg: SRG-OS-000073-GPOS-00041
- stigid@rhel9: RHEL-09-611050
ocil_clause: 'rounds is not set to {{{ xccdf_value("var_password_pam_unix_rounds") }}} or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
index 7d3795797e4..2bb6c95f1fe 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
@@ -32,7 +32,6 @@ identifiers:
references:
disa: CCI-000196
srg: SRG-OS-000073-GPOS-00041
- stigid@rhel9: RHEL-09-611055
ocil_clause: 'rounds is not set to {{{ xccdf_value("var_password_pam_unix_rounds") }}} or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml
index 5a3518235ae..f1365e65ecb 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml
@@ -34,11 +34,9 @@ references:
nist: IA-2,CM-6(a)
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
pcidss: Req-8.5.a
- pcidss4: "8.2.2"
srg: SRG-OS-000104-GPOS-00051
stigid@ol7: OL07-00-020300
stigid@rhel7: RHEL-07-020300
- stigid@rhel9: RHEL-09-411045
ocil_clause: 'GIDs referenced in /etc/passwd are returned as not defined in /etc/group'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
index 09f17eebeba..67e71a6d943 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
@@ -49,13 +49,11 @@ references:
nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5
ospp: FIA_UAU.1
pcidss: Req-8.2.3
- pcidss4: '8.3.1'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-010290
stigid@ol8: OL08-00-020331,OL08-00-020332
stigid@rhel7: RHEL-07-010290
stigid@rhel8: RHEL-08-020331,RHEL-08-020332
- stigid@rhel9: RHEL-09-611025
stigid@sle12: SLES-12-010231
stigid@sle15: SLES-15-020300
stigid@ubuntu2004: UBTU-20-010463
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
index 2dd6b706668..524bcbf8a7f 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
@@ -31,17 +31,14 @@ identifiers:
cce@sle15: CCE-91155-2
references:
- ccn@rhel9: A.6.SEC-RHEL4
cis@ubuntu2204: 6.2.2
disa: CCI-000366
nist: CM-6(b),CM-6.1(iv)
- pcidss4: '2.2.2'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-010291
stigid@ol8: OL08-00-010121
stigid@rhel7: RHEL-07-010291
stigid@rhel8: RHEL-08-010121
- stigid@rhel9: RHEL-09-611155
stigid@sle12: SLES-12-010221
stigid@sle15: SLES-15-020181
stigid@ubuntu2004: UBTU-20-010462
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
index 4dd38b1f26b..dcc311d46bc 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
@@ -47,13 +47,11 @@ references:
nist@sle12: CM-6(b),CM-6.1(iv)
nist@sle15: CM-6(b),CM-6.1(iv)
pcidss: Req-8.5
- pcidss4: '8.2.1'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-020310
stigid@ol8: OL08-00-040200
stigid@rhel7: RHEL-07-020310
stigid@rhel8: RHEL-08-040200
- stigid@rhel9: RHEL-09-411100
stigid@sle12: SLES-12-010650
stigid@sle15: SLES-15-020100
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
index 50cffff79ca..b8420dd527f 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
@@ -23,7 +23,6 @@ references:
cis@ubuntu2004: 5.4.3
cis@ubuntu2204: 5.5.3
pcidss: Req-8.1.1
- pcidss4: "8.2.1"
ocil_clause: 'root has a primary gid not equal to zero'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
index 1d3ab46941b..e399f479ca4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
@@ -29,7 +29,6 @@ references:
cis@sle15: '5.6'
cis@ubuntu2004: '5.6'
cis@ubuntu2204: 5.3.7
- pcidss4: '2.2.6'
platform: package[pam]
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml
index 16693f1aa39..61862a92554 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_root_password_configured/rule.yml
@@ -22,10 +22,8 @@ identifiers:
platform: machine
references:
- ccn@rhel9: A.6.SEC-RHEL4
cis@ubuntu2004: 1.5.3
cis@ubuntu2204: 1.4.3
- pcidss4: '2.2.2'
ocil: 'root password is not set'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml
index 95c78513d83..861d620d0df 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml
@@ -47,7 +47,6 @@ references:
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.2.3,CIP-004-6 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3
nist: IA-2,CM-6(a)
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
- pcidss4: "8.6.1"
ocil_clause: 'the /etc/securetty file is not empty'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml
index e05eb2440ca..426dfffdc12 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_password_auth_for_systemaccounts/rule.yml
@@ -24,10 +24,8 @@ identifiers:
cce@rhel9: CCE-86113-8
references:
- ccn@rhel9: A.6.SEC-RHEL3
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: AC-6,CM-6(a)
- pcidss4: '8.2.2'
ocil_clause: 'system accounts are not locked'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
index 50bd97b40d3..ebdb96bd5a9 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
@@ -29,7 +29,6 @@ identifiers:
cce@sle15: CCE-85672-4
references:
- ccn@rhel9: A.6.SEC-RHEL3
cis-csc: 1,12,13,14,15,16,18,3,5,7,8
cis@sle12: 5.4.2
cis@sle15: 5.4.2
@@ -43,9 +42,7 @@ references:
iso27001-2013: A.12.4.1,A.12.4.3,A.6.1.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5
nist: AC-6,CM-6(a),CM-6(b),CM-6.1(iv)
nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6
- pcidss4: '8.2.2'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-411035
stigid@sle12: SLES-12-010631
stigid@sle15: SLES-15-020091
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml
index f9309ea5343..cc0f9837f2e 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml
@@ -38,7 +38,6 @@ references:
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: AC-6,CM-6(a)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: "8.6.1"
srg: SRG-OS-000324-GPOS-00125
ocil_clause: 'root login over virtual console devices is permitted'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
index 1bdad1692f7..ef54967d283 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
@@ -24,12 +24,10 @@ identifiers:
cce@sle15: CCE-91336-8
references:
- ccn@rhel9: A.5.SEC-RHEL1
cis@sle12: "5.6"
cis@sle15: "5.6"
ospp: FMT_SMF_EXT.1.1
srg: 'SRG-OS-000373-GPOS-00156,SRG-OS-000312-GPOS-00123'
- stigid@rhel9: RHEL-09-432035
ocil_clause: 'the line is not in the file or it is commented'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml
index 7b88d86d8ad..7ae02056973 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml
@@ -28,7 +28,6 @@ references:
cis@sle15: '5.6'
cis@ubuntu2004: '5.6'
cis@ubuntu2204: 5.3.7
- pcidss4: '2.2.6'
platform: package[pam]
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
index 05db805a950..e2f036e157f 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
@@ -31,7 +31,6 @@ references:
stigid@ol8: OL08-00-010760
stigid@rhel7: RHEL-07-020610
stigid@rhel8: RHEL-08-010760
- stigid@rhel9: RHEL-09-411020
stigid@sle12: SLES-12-010720
stigid@sle15: SLES-15-020110
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
index ff6e6b0e0e6..d224b894f81 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
@@ -33,7 +33,6 @@ references:
stigid@ol8: OL08-00-020310
stigid@rhel7: RHEL-07-010430
stigid@rhel8: RHEL-08-020310
- stigid@rhel9: RHEL-09-412050
stigid@sle12: SLES-12-010140
ocil_clause: 'the value of "FAIL_DELAY" is not set to "{{{ xccdf_value("var_accounts_fail_delay") }}}" or greater, or the line is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
index 3242bb77ee3..238a4c35bc1 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
@@ -40,7 +40,6 @@ references:
stigid@ol8: OL08-00-020024
stigid@rhel7: RHEL-07-040000
stigid@rhel8: RHEL-08-020024
- stigid@rhel9: RHEL-09-412040
stigid@sle12: SLES-12-010120
stigid@sle15: SLES-15-020020
stigid@ubuntu2004: UBTU-20-010400
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
index 9ef5276914a..760a61e5eb5 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -45,7 +45,6 @@ identifiers:
cce@sle15: CCE-83269-1
references:
- ccn@rhel9: A.5.SEC-RHEL8
cis-csc: 1,12,15,16
cis@sle12: 5.4.4
cis@sle15: 5.4.4
@@ -62,11 +61,9 @@ references:
nist-csf: PR.AC-7
nist@sle12: AC-11(a)
ospp: FMT_MOF_EXT.1
- pcidss4: "8.6.1"
srg: SRG-OS-000163-GPOS-00072,SRG-OS-000029-GPOS-00010
stigid@ol7: OL07-00-040160
stigid@rhel7: RHEL-07-040160
- stigid@rhel9: RHEL-09-412035
stigid@sle12: SLES-12-010090
stigid@sle15: SLES-15-010130
stigid@ubuntu2004: UBTU-20-010013
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
index b677251c766..5bbf11aadc6 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
@@ -34,7 +34,6 @@ references:
stigid@ol8: OL08-00-010660
stigid@rhel7: RHEL-07-020730
stigid@rhel8: RHEL-08-010660
- stigid@rhel9: RHEL-09-411115
stigid@sle12: SLES-12-010780
stigid@sle15: SLES-15-040130
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
index 3cad08ecd0b..6afe058cf7e 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
@@ -35,7 +35,6 @@ references:
stigid@ol8: OL08-00-010690
stigid@rhel7: RHEL-07-020720
stigid@rhel8: RHEL-08-010690
- stigid@rhel9: RHEL-09-411055
stigid@sle12: SLES-12-010770
stigid@sle15: SLES-15-040120
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
index 6c4ebf5a6a3..a76ca547a3b 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
@@ -31,7 +31,6 @@ references:
stigid@ol8: OL08-00-010720
stigid@rhel7: RHEL-07-020600
stigid@rhel8: RHEL-08-010720
- stigid@rhel9: RHEL-09-411060
stigid@sle12: SLES-12-010710
stigid@sle15: SLES-15-040070
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
index 6d6ed2326e2..997f43257e1 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
@@ -36,7 +36,6 @@ references:
stigid@ol8: OL08-00-010750
stigid@rhel7: RHEL-07-020620
stigid@rhel8: RHEL-08-010750
- stigid@rhel9: RHEL-09-411065
stigid@sle12: SLES-12-010730
stigid@sle15: SLES-15-040080
diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
index 06bdf97c33c..1d0733c97fd 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
@@ -40,7 +40,6 @@ references:
stigid@ol8: OL08-00-010740
stigid@rhel7: RHEL-07-020650
stigid@rhel8: RHEL-08-010740
- stigid@rhel9: RHEL-09-411070
stigid@sle12: SLES-12-010750
stigid@sle15: SLES-15-040100
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
index c4f916cffd1..74f5f022319 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
@@ -29,7 +29,6 @@ references:
stigid@ol8: OL08-00-010770
stigid@rhel7: RHEL-07-020710
stigid@rhel8: RHEL-08-010770
- stigid@rhel9: RHEL-09-232045
stigid@sle12: SLES-12-010760
stigid@sle15: SLES-15-040110
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
index 1b2a0e82d55..2719dae2979 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
@@ -33,7 +33,6 @@ references:
stigid@ol8: OL08-00-010730
stigid@rhel7: RHEL-07-020630
stigid@rhel8: RHEL-08-010730
- stigid@rhel9: RHEL-09-232050
stigid@sle12: SLES-12-010740
stigid@sle15: SLES-15-040090
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
index 290ae7643f7..37b322c3c89 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
@@ -31,7 +31,6 @@ identifiers:
cce@sle15: CCE-91215-4
references:
- ccn@rhel9: A.6.SEC-RHEL5
cis-csc: '18'
cis@sle12: 5.4.5
cis@sle15: 5.4.5
@@ -47,7 +46,6 @@ references:
srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020353
stigid@rhel8: RHEL-08-020353
- stigid@rhel9: RHEL-09-412055
platform: package[bash]
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
index 66dd2ac5218..23273c85550 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
@@ -34,7 +34,6 @@ references:
srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020353
stigid@rhel8: RHEL-08-020353
- stigid@rhel9: RHEL-09-412060
ocil_clause: 'the value for the "umask" parameter is not "{{{ xccdf_value("var_accounts_user_umask") }}}", or the "umask" parameter is missing or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
index 4dec7096682..9cf8c4c2033 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
@@ -22,7 +22,6 @@ identifiers:
cce@sle15: CCE-85659-1
references:
- ccn@rhel9: A.6.SEC-RHEL5
cis-csc: 11,18,3,9
cis@sle12: 5.4.5
cis@sle15: 5.4.5
@@ -41,7 +40,6 @@ references:
stigid@ol8: OL08-00-020351
stigid@rhel7: RHEL-07-020240
stigid@rhel8: RHEL-08-020351
- stigid@rhel9: RHEL-09-412065
stigid@sle12: SLES-12-010620
stigid@sle15: SLES-15-040420
stigid@ubuntu2004: UBTU-20-010016
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
index 6dd11ceeaa0..ef85c30c923 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
@@ -27,7 +27,6 @@ identifiers:
cce@sle15: CCE-91216-2
references:
- ccn@rhel9: A.6.SEC-RHEL5
cis-csc: '18'
cis@sle12: 5.4.5
cis@sle15: 5.4.5
@@ -43,7 +42,6 @@ references:
srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020353
stigid@rhel8: RHEL-08-020353
- stigid@rhel9: RHEL-09-412070
ocil_clause: |-
the value for the "umask" parameter is not "{{{ xccdf_value("var_accounts_user_umask") }}}",
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
index 57e1907d49c..da7594ebcd7 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
@@ -29,7 +29,6 @@ references:
stigid@ol8: OL08-00-020352
stigid@rhel7: RHEL-07-021040
stigid@rhel8: RHEL-08-020352
- stigid@rhel9: RHEL-09-411025
ocil_clause: 'any local interactive user initialization files are found to have a umask statement that sets a value less restrictive than "077"'
diff --git a/linux_os/guide/system/accounts/enable_authselect/rule.yml b/linux_os/guide/system/accounts/enable_authselect/rule.yml
index b02cfd53529..8a47c524ba8 100644
--- a/linux_os/guide/system/accounts/enable_authselect/rule.yml
+++ b/linux_os/guide/system/accounts/enable_authselect/rule.yml
@@ -22,7 +22,6 @@ identifiers:
cce@rhel9: CCE-89732-2
references:
- ccn@rhel9: A.30.SEC-RHEL1
disa: CCI-000213
hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii) # taken from require_singleuser_auth
nist: AC-3
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
index 2e62f2e147b..34c180fd0b8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
@@ -38,7 +38,6 @@ identifiers:
cce@sle15: CCE-85693-0
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -57,13 +56,11 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@rhel7: RHEL-07-030410
stigid@rhel8: RHEL-08-030490
- stigid@rhel9: RHEL-09-654015
stigid@sle12: SLES-12-020460
stigid@sle15: SLES-15-030290
stigid@ubuntu2004: UBTU-20-010152
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
index d54df080281..7cc808a5c3b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
@@ -38,7 +38,6 @@ identifiers:
cce@sle15: CCE-85690-6
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -57,13 +56,11 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
stigid@rhel8: RHEL-08-030480
- stigid@rhel9: RHEL-09-654020
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
stigid@ubuntu2004: UBTU-20-010148
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
index c6da105bce8..b680a142575 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-85694-8
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -54,13 +53,11 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@rhel7: RHEL-07-030410
stigid@rhel8: RHEL-08-030490
- stigid@rhel9: RHEL-09-654015
stigid@sle12: SLES-12-020460
stigid@sle15: SLES-15-030290
stigid@ubuntu2004: UBTU-20-010153
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
index 459abcff96f..a7e9e260f26 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
@@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-85695-5
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -54,13 +53,11 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@rhel7: RHEL-07-030410
stigid@rhel8: RHEL-08-030490
- stigid@rhel9: RHEL-09-654015
stigid@sle12: SLES-12-020460
stigid@sle15: SLES-15-030290
stigid@ubuntu2004: UBTU-20-010154
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
index b4bfed7bcbc..9d05087518a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
@@ -38,7 +38,6 @@ identifiers:
cce@sle15: CCE-85721-9
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -57,13 +56,11 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
stigid@rhel8: RHEL-08-030480
- stigid@rhel9: RHEL-09-654020
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
stigid@ubuntu2004: UBTU-20-010149
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
index 3948d454732..53ff8f91b84 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
@@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-85692-2
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -54,13 +53,11 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
stigid@rhel8: RHEL-08-030480
- stigid@rhel9: RHEL-09-654020
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
stigid@ubuntu2004: UBTU-20-010150
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
index 263a39f1991..47d373ac319 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -52,7 +52,6 @@ identifiers:
cce@sle15: CCE-85686-4
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -71,13 +70,11 @@ references:
nist@sle15: AU-12(a),AU-12.1(ii),AU-12(c),AU-12.1(iv),AU-3,AU-3.1,MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000468-GPOS-00212,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000499-CTR-001255
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
stigid@rhel8: RHEL-08-030200
- stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010147
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
index 267dbda7bc7..95271f7f7fa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
@@ -47,7 +47,6 @@ identifiers:
cce@sle15: CCE-85688-0
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -66,13 +65,11 @@ references:
nist@sle15: AU-12(a),AU-12.1(ii),AU-12(c),AU-12.1(iv),AU-3,AU-3.1,MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000466-GPOS-00210,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
stigid@rhel8: RHEL-08-030200
- stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010144
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
index 57cbf72ef11..5a5d9ed6908 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -38,7 +38,6 @@ identifiers:
cce@sle15: CCE-85691-4
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -57,13 +56,11 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
stigid@rhel8: RHEL-08-030480
- stigid@rhel9: RHEL-09-654020
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
stigid@ubuntu2004: UBTU-20-010151
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
index cb9711c2988..3e671303b5c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
@@ -52,7 +52,6 @@ identifiers:
cce@sle15: CCE-85685-6
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -71,13 +70,11 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
stigid@rhel8: RHEL-08-030200
- stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010146
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
index 00158874250..446d7bd3cfd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
@@ -47,7 +47,6 @@ identifiers:
cce@sle15: CCE-85689-8
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -66,13 +65,11 @@ references:
nist@sle15: AU-12(a),AU-12.1(ii),AU-12(c),AU-12.1(iv),AU-3,AU-3.1,MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000466-GPOS-00210,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
stigid@rhel8: RHEL-08-030200
- stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010143
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
index c95621a88d5..a83fb513f4c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
@@ -51,7 +51,6 @@ identifiers:
cce@sle15: CCE-85684-9
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -70,13 +69,11 @@ references:
nist@sle15: AU-12(a),AU-12.1(ii),AU-12(c),AU-12.1(iv),AU-3,AU-3.1,MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
stigid@rhel8: RHEL-08-030200
- stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010145
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
index 44b26480dc2..335f15e7968 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
@@ -47,7 +47,6 @@ identifiers:
cce@sle15: CCE-85687-2
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.9
cis@sle15: 4.1.9
@@ -66,13 +65,11 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000466-GPOS-00210,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
stigid@rhel8: RHEL-08-030200
- stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010142
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml
index 89e2ad67fb8..746c0a3d4f3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml
@@ -34,7 +34,6 @@ references:
disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
- stigid@rhel9: RHEL-09-654205
stigid@sle12: SLES-12-020300
stigid@sle15: SLES-15-030360
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml
index 5d76fa2bd3a..16da550386c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml
@@ -37,7 +37,6 @@ references:
disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
- stigid@rhel9: RHEL-09-654210
stigid@sle12: SLES-12-020300
stigid@sle15: SLES-15-030360
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
index 945c54414f7..2eff921f000 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
@@ -39,7 +39,6 @@ references:
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol8: OL08-00-030570
stigid@rhel8: RHEL-08-030570
- stigid@rhel9: RHEL-09-654035
stigid@sle12: SLES-12-020620
stigid@sle15: SLES-15-030440
stigid@ubuntu2004: UBTU-20-010168
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
index 16526ed8fca..7ef8c41133c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
@@ -38,7 +38,6 @@ references:
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@ol8: OL08-00-030330
stigid@rhel8: RHEL-08-030330
- stigid@rhel9: RHEL-09-654040
stigid@sle12: SLES-12-020610
stigid@sle15: SLES-15-030430
stigid@ubuntu2004: UBTU-20-010167
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
index c47edec09e9..f7b9d43a09a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
@@ -61,7 +61,6 @@ references:
stigid@ol8: OL08-00-030260
stigid@rhel7: RHEL-07-030580
stigid@rhel8: RHEL-08-030260
- stigid@rhel9: RHEL-09-654045
stigid@sle12: SLES-12-020630
stigid@sle15: SLES-15-030450
stigid@ubuntu2004: UBTU-20-010165
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
index 698a94308ce..5f9cad67946 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
@@ -58,7 +58,6 @@ references:
stigid@ol8: OL08-00-030313
stigid@rhel7: RHEL-07-030560
stigid@rhel8: RHEL-08-030313
- stigid@rhel9: RHEL-09-654050
{{{ ocil_fix_srg_privileged_command("semanage", "/usr/sbin/", "privileged-unix-update") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
index b8e7c350284..24b33335244 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
@@ -47,7 +47,6 @@ references:
stigid@ol8: OL08-00-030314
stigid@rhel7: RHEL-07-030590
stigid@rhel8: RHEL-08-030314
- stigid@rhel9: RHEL-09-654055
{{{ ocil_fix_srg_privileged_command("setfiles", "/usr/sbin/", "privileged-unix-update") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
index 0a9b6c0d10a..3ecdebdb584 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
@@ -57,7 +57,6 @@ references:
stigid@ol8: OL08-00-030316
stigid@rhel7: RHEL-07-030570
stigid@rhel8: RHEL-08-030316
- stigid@rhel9: RHEL-09-654060
{{{ ocil_fix_srg_privileged_command("setsebool", "/usr/sbin/", "privileged") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
index 594389ab3a1..52fedb30cd2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
@@ -51,13 +51,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.MA-2,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.7
- pcidss4: "10.2.1.7"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
stigid@rhel8: RHEL-08-030361
- stigid@rhel9: RHEL-09-654065
stigid@ubuntu2004: UBTU-20-010267
{{{ complete_ocil_entry_audit_syscall(syscall="rename") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
index bf5d598fc0a..d82ff5fa4b6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
@@ -48,13 +48,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.MA-2,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.7
- pcidss4: "10.2.1.7"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
stigid@rhel8: RHEL-08-030361
- stigid@rhel9: RHEL-09-654065
stigid@ubuntu2004: UBTU-20-010267
{{{ complete_ocil_entry_audit_syscall(syscall="renameat") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
index 1ca39cd2151..a6f1fc6deb1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
@@ -47,13 +47,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.MA-2,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.7
- pcidss4: "10.2.1.7"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
stigid@rhel8: RHEL-08-030361
- stigid@rhel9: RHEL-09-654065
stigid@ubuntu2004: UBTU-20-010267
{{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
index ac14a20e471..e2de0922294 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
@@ -51,13 +51,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.MA-2,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.7
- pcidss4: "10.2.1.7"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
stigid@rhel8: RHEL-08-030361
- stigid@rhel9: RHEL-09-654065
stigid@ubuntu2004: UBTU-20-010267
{{{ complete_ocil_entry_audit_syscall(syscall="unlink") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
index c29226f7f87..a29461c03f6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
@@ -48,13 +48,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.MA-2,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.7
- pcidss4: "10.2.1.7"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
stigid@rhel8: RHEL-08-030361
- stigid@rhel9: RHEL-09-654065
stigid@ubuntu2004: UBTU-20-010267
{{{ complete_ocil_entry_audit_syscall(syscall="unlinkat") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
index e1fe76cfa68..b97dc5e35a5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
@@ -43,7 +43,6 @@ identifiers:
cce@sle15: CCE-85681-5
references:
- ccn@rhel9: A.3.SEC-RHEL9
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.10
cis@sle15: 4.1.10
@@ -66,7 +65,6 @@ references:
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
stigid@rhel8: RHEL-08-030420
- stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010158
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
index 7af4301d324..b39aca91389 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
@@ -43,7 +43,6 @@ identifiers:
cce@sle15: CCE-85696-3
references:
- ccn@rhel9: A.3.SEC-RHEL9
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.10
cis@sle15: 4.1.10
@@ -66,7 +65,6 @@ references:
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
stigid@rhel8: RHEL-08-030420
- stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010157
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
index 1df40c373bf..995220254f0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
@@ -46,7 +46,6 @@ identifiers:
cce@sle15: CCE-85680-7
references:
- ccn@rhel9: A.3.SEC-RHEL9
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.10
cis@sle15: 4.1.10
@@ -69,7 +68,6 @@ references:
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
stigid@rhel8: RHEL-08-030420
- stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010155
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
index 6e706de37dc..c15f79f546b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
@@ -58,7 +58,6 @@ references:
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
stigid@rhel8: RHEL-08-030420
- stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010160
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
index 945098b79a2..782f603ae71 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
@@ -43,7 +43,6 @@ identifiers:
cce@sle15: CCE-85682-3
references:
- ccn@rhel9: A.3.SEC-RHEL9
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.10
cis@sle15: 4.1.10
@@ -66,7 +65,6 @@ references:
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
stigid@rhel8: RHEL-08-030420
- stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010159
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
index 120f52dd850..e2889ab479b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
@@ -43,7 +43,6 @@ identifiers:
cce@sle15: CCE-85608-8
references:
- ccn@rhel9: A.3.SEC-RHEL9
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.10
cis@sle15: 4.1.10
@@ -65,7 +64,6 @@ references:
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
stigid@rhel8: RHEL-08-030420
- stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010156
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
index 95b2183d116..53ff9fbccf7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
@@ -57,7 +57,6 @@ references:
stigid@ol8: OL08-00-030390
stigid@rhel7: RHEL-07-030830
stigid@rhel8: RHEL-08-030390
- stigid@rhel9: RHEL-09-654075
stigid@sle12: SLES-12-020730
stigid@sle15: SLES-15-030520
stigid@ubuntu2004: UBTU-20-010181
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
index 53cf20e4f45..8dbb2d738ce 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
@@ -56,7 +56,6 @@ references:
stigid@ol8: OL08-00-030360
stigid@rhel7: RHEL-07-030820
stigid@rhel8: RHEL-08-030360
- stigid@rhel9: RHEL-09-654080
stigid@sle12: SLES-12-020740
stigid@sle15: SLES-15-030530
stigid@ubuntu2004: UBTU-20-010179
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
index c1b9ca7219d..16041016c57 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
@@ -57,7 +57,6 @@ references:
stigid@ol8: OL08-00-030360
stigid@rhel7: RHEL-07-030820
stigid@rhel8: RHEL-08-030360
- stigid@rhel9: RHEL-09-654080
stigid@sle12: SLES-12-020740
stigid@sle15: SLES-15-030530
stigid@ubuntu2004: UBTU-20-010179
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
index 38642af4c8a..1f892b60375 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
@@ -32,7 +32,6 @@ identifiers:
cce@sle15: CCE-91449-9
references:
- ccn@rhel9: A.3.SEC-RHEL1
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.7
cis@sle15: 4.1.7
@@ -47,13 +46,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.3
- pcidss4: "10.2.1.3"
srg: SRG-OS-000392-GPOS-00172,SRG-OS-000470-GPOS-00214,SRG-OS-000473-GPOS-00218,SRG-APP-000503-CTR-001275,SRG-APP-000506-CTR-001290
stigid@ol7: OL07-00-030610
stigid@ol8: OL08-00-030590
stigid@rhel7: RHEL-07-030610
stigid@rhel8: RHEL-08-030590
- stigid@rhel9: RHEL-09-654250
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
index 18083ab8f71..1f76c138c17 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
@@ -32,7 +32,6 @@ identifiers:
cce@sle15: CCE-85598-1
references:
- ccn@rhel9: A.3.SEC-RHEL1
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.7
cis@sle15: 4.1.7
@@ -49,13 +48,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.3
- pcidss4: "10.2.1.3"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000470-GPOS-00214,SRG-APP-000495-CTR-001235,SRG-APP-000503-CTR-001275,SRG-APP-000506-CTR-001290
stigid@ol7: OL07-00-030620
stigid@ol8: OL08-00-030600
stigid@rhel7: RHEL-07-030620
stigid@rhel8: RHEL-08-030600
- stigid@rhel9: RHEL-09-654255
stigid@sle12: SLES-12-020660
stigid@sle15: SLES-15-030480
stigid@ubuntu2004: UBTU-20-010171
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
index db1dfdb13ee..3e51a3aa9e2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
@@ -48,10 +48,8 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.3
- pcidss4: "10.2.1.3"
srg: SRG-OS-000392-GPOS-00172,SRG-OS-000470-GPOS-00214,SRG-OS-000473-GPOS-00218,SRG-APP-000503-CTR-001275
stigid@rhel7: RHEL-07-030600
- stigid@rhel9: RHEL-09-654260
stigid@sle12: SLES-12-020650
stigid@sle15: SLES-15-030470
stigid@ubuntu2004: UBTU-20-010169
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_init/rule.yml
index 0630c7201af..c66ed5fcd65 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_init/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_init/rule.yml
@@ -32,7 +32,6 @@ references:
disa: CCI-000172
nist: AU-12(c)
srg: SRG-OS-000477-GPOS-00222
- stigid@rhel9: RHEL-09-654185
{{{ ocil_fix_srg_privileged_command("init","{{{ path }}}/") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_poweroff/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_poweroff/rule.yml
index edb63d1f46c..3a4f1fead9e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_poweroff/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_poweroff/rule.yml
@@ -32,7 +32,6 @@ references:
disa: CCI-000172
nist: AU-12(c)
srg: SRG-OS-000477-GPOS-00222
- stigid@rhel9: RHEL-09-654190
{{{ ocil_fix_srg_privileged_command("poweroff","{{{ path }}}/") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_reboot/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_reboot/rule.yml
index 19419ece489..deb4f602c88 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_reboot/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_reboot/rule.yml
@@ -32,7 +32,6 @@ references:
disa: CCI-000172
nist: AU-12(c)
srg: SRG-OS-000477-GPOS-00222
- stigid@rhel9: RHEL-09-654195
{{{ ocil_fix_srg_privileged_command("reboot","{{{ path }}}/") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_shutdown/rule.yml
index 7f62af5ecb8..a1448481653 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_shutdown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_privileged_commands_shutdown/rule.yml
@@ -32,7 +32,6 @@ references:
disa: CCI-000172
nist: AU-12(c)
srg: SRG-OS-000477-GPOS-00222
- stigid@rhel9: RHEL-09-654200
{{{ ocil_fix_srg_privileged_command("shutdown","{{{ path }}}/") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
index b628567bcbd..97636e95d1c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
@@ -60,7 +60,6 @@ references:
stigid@ol8: OL08-00-030250
stigid@rhel7: RHEL-07-030660
stigid@rhel8: RHEL-08-030250
- stigid@rhel9: RHEL-09-654085
stigid@sle12: SLES-12-020690
stigid@sle15: SLES-15-030120
stigid@ubuntu2004: UBTU-20-010175
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
index 7515a6681d7..e9872e8a3c4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
@@ -60,7 +60,6 @@ references:
stigid@ol8: OL08-00-030410
stigid@rhel7: RHEL-07-030720
stigid@rhel8: RHEL-08-030410
- stigid@rhel9: RHEL-09-654090
stigid@sle12: SLES-12-020580
stigid@sle15: SLES-15-030100
stigid@ubuntu2004: UBTU-20-010163
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
index 8ef1fdf41cf..6ea9eeed7f6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
@@ -59,7 +59,6 @@ references:
stigid@ol8: OL08-00-030400
stigid@rhel7: RHEL-07-030800
stigid@rhel8: RHEL-08-030400
- stigid@rhel9: RHEL-09-654095
stigid@sle12: SLES-12-020710
stigid@sle15: SLES-15-030130
stigid@ubuntu2004: UBTU-20-010177
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
index 18a97ba77a7..d51a5ba639d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
@@ -61,7 +61,6 @@ references:
stigid@ol8: OL08-00-030370
stigid@rhel7: RHEL-07-030650
stigid@rhel8: RHEL-08-030370
- stigid@rhel9: RHEL-09-654100
stigid@sle12: SLES-12-020560
stigid@sle15: SLES-15-030080
stigid@ubuntu2004: UBTU-20-010174
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
index 9a964e4bdad..4c1d8125a46 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
@@ -47,7 +47,6 @@ references:
stigid@ol8: OL08-00-030580
stigid@rhel7: RHEL-07-030840
stigid@rhel8: RHEL-08-030580
- stigid@rhel9: RHEL-09-654105
stigid@sle12: SLES-12-020360
stigid@sle15: SLES-15-030410
stigid@ubuntu2004: UBTU-20-010297
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
index 817ec3f12c0..9925cf2f535 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
@@ -51,7 +51,6 @@ references:
stigid@ol8: OL08-00-030300
stigid@rhel7: RHEL-07-030740
stigid@rhel8: RHEL-08-030300
- stigid@rhel9: RHEL-09-654180
stigid@sle12: SLES-12-020290
stigid@ubuntu2004: UBTU-20-010138
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
index c1ffea143b4..21fdc14f08f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
@@ -61,7 +61,6 @@ references:
stigid@ol8: OL08-00-030350
stigid@rhel7: RHEL-07-030710
stigid@rhel8: RHEL-08-030350
- stigid@rhel9: RHEL-09-654110
stigid@sle12: SLES-12-020570
stigid@sle15: SLES-15-030090
stigid@ubuntu2004: UBTU-20-010164
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
index 1a09558ece5..5f1eeb2de38 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
@@ -65,7 +65,6 @@ references:
stigid@ol8: OL08-00-030340
stigid@rhel7: RHEL-07-030810
stigid@rhel8: RHEL-08-030340
- stigid@rhel9: RHEL-09-654115
stigid@sle12: SLES-12-020720
stigid@sle15: SLES-15-030510
stigid@ubuntu2004: UBTU-20-010178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
index 25bfa1d0006..d7318cbab04 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
@@ -59,7 +59,6 @@ references:
stigid@ol8: OL08-00-030290
stigid@rhel7: RHEL-07-030630
stigid@rhel8: RHEL-08-030290
- stigid@rhel9: RHEL-09-654120
stigid@sle12: SLES-12-020550
stigid@sle15: SLES-15-030070
stigid@ubuntu2004: UBTU-20-010172
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
index ffa07f18f3a..c3cfc617b08 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
@@ -58,7 +58,6 @@ references:
stigid@ol8: OL08-00-030311
stigid@rhel7: RHEL-07-030760
stigid@rhel8: RHEL-08-030311
- stigid@rhel9: RHEL-09-654125
{{{ ocil_fix_srg_privileged_command("postdrop") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
index 0abec84ef9e..33490fcf5a7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
@@ -58,7 +58,6 @@ references:
stigid@ol8: OL08-00-030312
stigid@rhel7: RHEL-07-030770
stigid@rhel8: RHEL-08-030312
- stigid@rhel9: RHEL-09-654130
{{{ ocil_fix_srg_privileged_command("postqueue") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
index c6faead32ed..4b0ac341497 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
@@ -40,7 +40,6 @@ references:
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@ol8: OL08-00-030280
stigid@rhel8: RHEL-08-030280
- stigid@rhel9: RHEL-09-654135
stigid@sle12: SLES-12-020310
stigid@sle15: SLES-15-030370
stigid@ubuntu2004: UBTU-20-010140
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
index a6241129703..92d86ba5a51 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
@@ -68,7 +68,6 @@ references:
stigid@ol8: OL08-00-030320
stigid@rhel7: RHEL-07-030780
stigid@rhel8: RHEL-08-030320
- stigid@rhel9: RHEL-09-654140
stigid@sle12: SLES-12-020320
stigid@sle15: SLES-15-030060
stigid@ubuntu2004: UBTU-20-010141
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
index 1b4f74df502..2cab4c12ac2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
@@ -60,7 +60,6 @@ references:
stigid@ol8: OL08-00-030190
stigid@rhel7: RHEL-07-030680
stigid@rhel8: RHEL-08-030190
- stigid@rhel9: RHEL-09-654145
stigid@sle12: SLES-12-020250
stigid@sle15: SLES-15-030550
stigid@ubuntu2004: UBTU-20-010136
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
index 536fa541835..51db71f981e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
@@ -60,7 +60,6 @@ references:
stigid@ol8: OL08-00-030550
stigid@rhel7: RHEL-07-030690
stigid@rhel8: RHEL-08-030550
- stigid@rhel9: RHEL-09-654150
stigid@sle12: SLES-12-020260
stigid@sle15: SLES-15-030560
stigid@ubuntu2004: UBTU-20-010161
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
index f9af68594ed..4f58c77d546 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
@@ -56,7 +56,6 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv)
ospp: FAU_GEN.1.1.c
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
- stigid@rhel9: RHEL-09-654155
stigid@sle15: SLES-15-030330
stigid@ubuntu2004: UBTU-20-010162
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
index 3cc45096890..bde7ca4d9f5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
@@ -59,7 +59,6 @@ references:
stigid@ol8: OL08-00-030301
stigid@rhel7: RHEL-07-030750
stigid@rhel8: RHEL-08-030301
- stigid@rhel9: RHEL-09-654030
stigid@sle12: SLES-12-020300
stigid@ubuntu2004: UBTU-20-010139
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
index 8caef5913a2..7a160905bf3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
@@ -61,7 +61,6 @@ references:
stigid@ol8: OL08-00-030317
stigid@rhel7: RHEL-07-030640
stigid@rhel8: RHEL-08-030317
- stigid@rhel9: RHEL-09-654160
stigid@sle12: SLES-12-020680
stigid@sle15: SLES-15-030110
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
index 3b477a26b88..321018655a3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
@@ -38,7 +38,6 @@ references:
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@ol8: OL08-00-030310
stigid@rhel8: RHEL-08-030310
- stigid@rhel9: RHEL-09-654165
stigid@ubuntu2004: UBTU-20-010173
{{{ ocil_fix_srg_privileged_command("unix_update") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
index f61686df733..bda6d3239ff 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
@@ -57,7 +57,6 @@ references:
stigid@ol8: OL08-00-030315
stigid@rhel7: RHEL-07-030670
stigid@rhel8: RHEL-08-030315
- stigid@rhel9: RHEL-09-654170
{{{ ocil_fix_srg_privileged_command("userhelper") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
index af9cfac7a5c..0ba3ab59df7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
@@ -43,7 +43,6 @@ references:
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol8: OL08-00-030560
stigid@rhel8: RHEL-08-030560
- stigid@rhel9: RHEL-09-654175
stigid@sle12: SLES-12-020700
stigid@sle15: SLES-15-030500
stigid@ubuntu2004: UBTU-20-010176
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
index fc92ce87367..242a3f69ed5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
@@ -49,11 +49,9 @@ references:
nist: AC-6(9),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,ID.SC-4,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4
pcidss: Req-10.5.2
- pcidss4: "10.3.2"
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-APP-000119-CTR-000245,SRG-APP-000120-CTR-000250
stigid@ol8: OL08-00-030121
stigid@rhel8: RHEL-08-030121
- stigid@rhel9: RHEL-09-654275
ocil_clause: 'the audit system is not set to be immutable by adding the "-e 2" option to the end of "/etc/audit/audit.rules"'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
index 15519eec3c2..349d4ecd77d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
@@ -32,7 +32,6 @@ references:
disa: CCI-000162,CCI-000163,CCI-000164
srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
stigid@rhel8: RHEL-08-030122
- stigid@rhel9: RHEL-09-654270
ocil_clause: 'the system is not configured to make login UIDs immutable'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml
index ee70519c97b..f0f2927b785 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml
@@ -44,7 +44,6 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
ocil_clause: 'the system is not configured to audit attempts to change the MAC policy'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
index 31bf371f0b6..765a8d29e02 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
@@ -33,7 +33,6 @@ identifiers:
cce@sle15: CCE-85718-5
references:
- ccn@rhel9: A.3.SEC-RHEL10
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.12
cis@sle15: 4.1.12
@@ -49,7 +48,6 @@ references:
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
pcidss: Req-10.2.7
- pcidss4: "10.2.1.7"
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@ol7: OL07-00-030740
stigid@ol8: OL08-00-030302
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
index 6303f36ee55..63fbf9d7ffd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml
@@ -64,7 +64,6 @@ references:
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
pcidss: Req-10.5.5
- pcidss4: "10.3.4"
ocil_clause: 'the system is not configured to audit changes of the network configuration'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml
index 4b224155882..b8653738381 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml
@@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-85829-0
references:
- ccn@rhel9: A.3.SEC-RHEL1
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.8
cis@sle15: 4.1.8
@@ -53,6 +52,5 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.3
- pcidss4: "10.2.1.3"
srg: SRG-APP-000505-CTR-001285
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
index 72245ee7937..acb8b30bc0b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
@@ -33,7 +33,6 @@ references:
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275
stigid@ol8: OL08-00-030171
stigid@rhel8: RHEL-08-030171
- stigid@rhel9: RHEL-09-654215
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
index dd9b966dd59..a78cc4d0bf4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
@@ -33,7 +33,6 @@ references:
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275
stigid@ol8: OL08-00-030172
stigid@rhel8: RHEL-08-030172
- stigid@rhel9: RHEL-09-654220
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
index 9973488bd93..945f1417247 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
@@ -52,13 +52,11 @@ references:
cis@ubuntu2204: 4.1.3.2
disa: CCI-001814,CCI-001882,CCI-001889,CCI-001880,CCI-001881,CCI-001878,CCI-001879,CCI-001875,CCI-001877,CCI-001914,CCI-002233,CCI-002234
nist: CM-5(1),AU-7(a),AU-7(b),AU-8(b),AU-12(3),AC-6(9)
- pcidss4: '10.2.1.2'
srg: SRG-OS-000326-GPOS-00126,SRG-OS-000327-GPOS-00127,SRG-APP-000343-CTR-000780,SRG-APP-000381-CTR-000905
stigid@ol7: OL07-00-030360
stigid@ol8: OL08-00-030000
stigid@rhel7: RHEL-07-030360
stigid@rhel8: RHEL-08-030000
- stigid@rhel9: RHEL-09-654010
stigid@sle12: SLES-12-020240
stigid@sle15: SLES-15-030640
stigid@ubuntu2004: UBTU-20-010211
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
index 1b90c90b7dd..33a6bc9c580 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
@@ -31,7 +31,6 @@ identifiers:
cce@sle15: CCE-85679-9
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.14
cis@sle15: 4.1.14
@@ -50,7 +49,6 @@ references:
nist@sle15: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv),MA-4(1)(a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.2,Req-10.2.5.b
- pcidss4: '10.2.1.5'
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000026-CTR-000070,SRG-APP-000027-CTR-000075,SRG-APP-000028-CTR-000080,SRG-APP-000291-CTR-000675,SRG-APP-000292-CTR-000680,SRG-APP-000293-CTR-000685,SRG-APP-000294-CTR-000690,SRG-APP-000319-CTR-000745,SRG-APP-000320-CTR-000750,SRG-APP-000509-CTR-001305
stigid@ol7: OL07-00-030700
stigid@rhel7: RHEL-07-030700
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
index 13e21cb4fd1..3f2a116775f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
@@ -46,7 +46,6 @@ references:
srg: SRG-OS-000046-GPOS-00022,SRG-OS-000047-GPOS-00023
stigid@ol7: OL07-00-030010
stigid@rhel7: RHEL-07-030010
- stigid@rhel9: RHEL-09-654265
ocil_clause: 'the system is not configured to shutdown on auditd failures'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
index 68bc0cb36dd..7df7ae8e324 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
@@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-85578-3
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.4
cis@sle15: 4.1.4
@@ -54,13 +53,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.5
- pcidss4: "10.2.1.5"
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275
stigid@ol7: OL07-00-030871
stigid@ol8: OL08-00-030170
stigid@rhel7: RHEL-07-030871
stigid@rhel8: RHEL-08-030170
- stigid@rhel9: RHEL-09-654225
stigid@sle12: SLES-12-020210
stigid@sle15: SLES-15-030010
stigid@ubuntu2004: UBTU-20-010101
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
index 2529f925540..8b62926773c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
@@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-85580-9
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.4
cis@sle15: 4.1.4
@@ -54,13 +53,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.5
- pcidss4: "10.2.1.5"
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275
stigid@ol7: OL07-00-030872
stigid@ol8: OL08-00-030160
stigid@rhel7: RHEL-07-030872
stigid@rhel8: RHEL-08-030160
- stigid@rhel9: RHEL-09-654230
stigid@sle12: SLES-12-020590
stigid@sle15: SLES-15-030040
stigid@ubuntu2004: UBTU-20-010103
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
index 5b97bcb1e34..c7d3a45b20a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
@@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-85728-4
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.4
cis@sle15: 4.1.4
@@ -55,13 +54,11 @@ references:
nist@sle15: AC-2(4).1(i&ii),AU-12.1(iv)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.5
- pcidss4: "10.2.1.5"
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000503-CTR-001275
stigid@ol7: OL07-00-030874
stigid@ol8: OL08-00-030140
stigid@rhel7: RHEL-07-030874
stigid@rhel8: RHEL-08-030140
- stigid@rhel9: RHEL-09-654235
stigid@sle12: SLES-12-020230
stigid@sle15: SLES-15-030030
stigid@ubuntu2004: UBTU-20-010104
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
index 1ea0e6dd49b..625da6853a1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
@@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-85577-5
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.4
cis@sle15: 4.1.4
@@ -54,13 +53,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.5
- pcidss4: "10.2.1.5"
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-OS-000274-GPOS-00104,SRG-OS-000275-GPOS-00105,SRG-OS-000276-GPOS-00106,SRG-OS-000277-GPOS-00107,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275
stigid@ol7: OL07-00-030870
stigid@ol8: OL08-00-030150
stigid@rhel7: RHEL-07-030870
stigid@rhel8: RHEL-08-030150
- stigid@rhel9: RHEL-09-654240
stigid@sle12: SLES-12-020200
stigid@sle15: SLES-15-030000
stigid@ubuntu2004: UBTU-20-010100
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
index 43a4842c53e..678fcc02caa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
@@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-85579-1
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
cis@sle12: 4.1.4
cis@sle15: 4.1.4
@@ -54,13 +53,11 @@ references:
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.2.5
- pcidss4: "10.2.1.5"
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275
stigid@ol7: OL07-00-030873
stigid@ol8: OL08-00-030130
stigid@rhel7: RHEL-07-030873
stigid@rhel8: RHEL-08-030130
- stigid@rhel9: RHEL-09-654245
stigid@sle12: SLES-12-020220
stigid@sle15: SLES-15-030020
stigid@ubuntu2004: UBTU-20-010102
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
index 7fd5102e72e..5be73335924 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
@@ -44,13 +44,11 @@ identifiers:
cce@sle15: CCE-92551-1
references:
- ccn@rhel9: A.3.SEC-RHEL7
cis@sle12: 4.1.15
cis@sle15: 4.1.15
cis@ubuntu2204: 4.1.3.3
disa: CCI-000172,CCI-002884
pcidss: Req-10.2.2,Req-10.2.5.b
- pcidss4: '10.2.1.4'
srg: SRG-OS-000392-GPOS-00172,SRG-OS-000471-GPOS-00215
stigid@ubuntu2004: UBTU-20-010244
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml
index 519d4d053f1..5fcd1182c53 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml
@@ -55,7 +55,6 @@ references:
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
pcidss: Req-10.4.2.b
- pcidss4: "10.6.3"
ocil_clause: 'the system is not configured to audit time changes'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml
index ad397daa89a..6ccba7a3e8b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/rule.yml
@@ -53,7 +53,6 @@ references:
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
pcidss: Req-10.4.2.b
- pcidss4: "10.6.3"
ocil_clause: 'the system is not configured to audit time changes'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml
index 70875007338..c7a4f2d2b0a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml
@@ -55,7 +55,6 @@ references:
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
pcidss: Req-10.4.2.b
- pcidss4: "10.6.3"
ocil_clause: 'the system is not configured to audit time changes'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml
index 0588660592e..8182a10698e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml
@@ -62,7 +62,6 @@ references:
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
pcidss: Req-10.4.2.b
- pcidss4: "10.6.3"
ocil_clause: 'the system is not configured to audit time changes'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml
index e339de4f749..9cc6e4fbc35 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml
@@ -49,7 +49,6 @@ references:
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
pcidss: Req-10.4.2.b
- pcidss4: "10.6.3,10.6.3"
ocil_clause: 'the system is not configured to audit time changes'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml
index a3215f3178f..ffcfbc5d9d4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml
@@ -31,7 +31,6 @@ identifiers:
references:
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
ospp: FAU_GEN.1.1.c
- pcidss4: "10.3.1"
ocil_clause: "no line is returned"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml
index 743a1642348..4a9a0a15d6f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml
@@ -36,7 +36,6 @@ references:
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-030110
stigid@rhel8: RHEL-08-030110
- stigid@rhel9: RHEL-09-653080
ocil: |-
{{% if product =="ol8" %}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml
index 301bd5e5735..0fcc645925f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml
@@ -32,7 +32,6 @@ references:
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-030100
stigid@rhel8: RHEL-08-030100
- stigid@rhel9: RHEL-09-653085
ocil_clause: the directory is not owned by root
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
index b96e4cb2be3..350c9ebc7a2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
@@ -33,7 +33,6 @@ identifiers:
cce@rhel9: CCE-83734-4
references:
- ccn@rhel9: A.3.SEC-RHEL2
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
cis@ubuntu2204: 4.1.4.4
cobit5: APO01.06,APO11.04,APO12.06,BAI03.05,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,DSS06.02,MEA02.01
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
index 0cce15855c3..869679c2a14 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
@@ -26,7 +26,6 @@ identifiers:
cce@rhel9: CCE-89603-5
references:
- ccn@rhel9: A.3.SEC-RHEL2
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
cis@ubuntu2204: 4.1.4.3
cjis: 5.4.1.1
@@ -39,7 +38,6 @@ references:
nist: CM-6(a),AC-6(1),AU-9(4)
nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4
pcidss: Req-10.5.1
- pcidss4: '10.3.2'
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-030090
stigid@rhel8: RHEL-08-030090
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml
index 45b17d60a6e..e7ca0307fa5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_groupownership_audit_configuration/rule.yml
@@ -23,7 +23,6 @@ identifiers:
cce@rhel9: CCE-86446-2
references:
- ccn@rhel9: A.3.SEC-RHEL4
cis@ubuntu2204: 4.1.4.7
disa: CCI-000171
srg: SRG-OS-000063-GPOS-00032
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml
index 71f476e783e..f936821975b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_audit_configuration/rule.yml
@@ -24,7 +24,6 @@ identifiers:
cce@rhel9: CCE-86445-4
references:
- ccn@rhel9: A.3.SEC-RHEL4
cis@ubuntu2204: 4.1.4.6
disa: CCI-000171
srg: SRG-OS-000063-GPOS-00032
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
index db68bbdb537..b8d1c508b94 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml
@@ -22,7 +22,6 @@ identifiers:
cce@sle15: CCE-85810-0
references:
- ccn@rhel9: A.3.SEC-RHEL2
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
cjis: 5.4.1.1
cobit5: APO01.06,APO11.04,APO12.06,BAI03.05,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,DSS06.02,MEA02.01
@@ -35,7 +34,6 @@ references:
nist: CM-6(a),AC-6(1),AU-9(4)
nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4
pcidss: Req-10.5.1
- pcidss4: "10.3.2"
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-APP-000118-CTR-000240
stigid@ol7: OL07-00-910055
stigid@rhel7: RHEL-07-910055
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml
index 9187b319529..398f582250b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_audit_configuration/rule.yml
@@ -22,8 +22,6 @@ identifiers:
cce@rhel8: CCE-86407-4
cce@rhel9: CCE-88002-1
-references:
- ccn@rhel9: A.3.SEC-RHEL4
ocil: |-
{{{ describe_file_permissions(file="/etc/audit/", perms="0640") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
index dcaad3c0026..b6097cbf025 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
@@ -34,7 +34,6 @@ identifiers:
cce@sle15: CCE-85811-8
references:
- ccn@rhel9: A.3.SEC-RHEL2
cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
cis@ubuntu2204: 4.1.4.1
cjis: 5.4.1.1
@@ -48,13 +47,11 @@ references:
nist: CM-6(a),AC-6(1),AU-9(4)
nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4
pcidss: Req-10.5
- pcidss4: "10.3.1"
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
stigid@ol7: OL07-00-910055
stigid@ol8: OL08-00-030070
stigid@rhel7: RHEL-07-910055
stigid@rhel8: RHEL-08-030070
- stigid@rhel9: RHEL-09-653090
stigid@ubuntu2004: UBTU-20-010122
ocil_clause: 'any permissions are more permissive'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
index f902ce228d9..80a09e844a6 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
@@ -45,7 +45,6 @@ references:
srg: SRG-OS-000341-GPOS-00132,SRG-OS-000342-GPOS-00133
stigid@ol8: OL08-00-030660
stigid@rhel8: RHEL-08-030660
- stigid@rhel9: RHEL-09-653030
stigid@sle12: SLES-12-020020
stigid@sle15: SLES-15-030660
stigid@ubuntu2004: UBTU-20-010215
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
index d58488fe8da..df32a0d96b3 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
@@ -38,9 +38,7 @@ references:
nist-csf: DE.AE-3,DE.AE-5,PR.PT-1,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.3
- pcidss4: "10.3.3"
srg: SRG-OS-000479-GPOS-00224,SRG-OS-000342-GPOS-00133
- stigid@rhel9: RHEL-09-652035
ocil_clause: 'it is not activated'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/rule.yml
index 5452ddf4de4..6fb1ec38e97 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/rule.yml
@@ -34,7 +34,6 @@ references:
nist: AU-5(b),AU-5(2),AU-5(1),AU-5(4),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
srg: SRG-OS-000047-GPOS-00023
- stigid@rhel9: RHEL-09-653020
ocil_clause: 'there is no evidence of appropriate action'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/rule.yml
index 8183e132124..966797ef186 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/rule.yml
@@ -34,7 +34,6 @@ references:
nist: AU-5(b),AU-5(2),AU-5(1),AU-5(4),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
srg: SRG-OS-000047-GPOS-00023
- stigid@rhel9: RHEL-09-653025
ocil_clause: there is no evidence of appropriate action
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
index 4fead191369..ea1c7f871d3 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
@@ -47,7 +47,6 @@ references:
stigid@ol8: OL08-00-030020
stigid@rhel7: RHEL-07-030350
stigid@rhel8: RHEL-08-030020
- stigid@rhel9: RHEL-09-653070
stigid@sle12: SLES-12-020040
stigid@sle15: SLES-15-030570
stigid@ubuntu2004: UBTU-20-010117
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml
index c5cf57021cc..2a2097fbb1e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml
@@ -47,9 +47,7 @@ references:
nist: AU-5(b),AU-5(2),AU-5(1),AU-5(4),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
pcidss: Req-10.7
- pcidss4: "10.5.1"
srg: SRG-OS-000343-GPOS-00134
- stigid@rhel9: RHEL-09-653050
ocil_clause: 'there is no evidence that real-time alerts are configured on the system'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml
index 24c91de5a6e..55b39657b8d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml
@@ -32,7 +32,6 @@ references:
nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
pcidss: Req-10.7
srg: SRG-OS-000343-GPOS-00134
- stigid@rhel9: RHEL-09-653045
ocil_clause: 'the "admin_space_left" value is not configured to the correct value'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
index 1f6050a4b19..38aeec9280e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
@@ -37,7 +37,6 @@ identifiers:
cce@sle15: CCE-85778-9
references:
- ccn@rhel9: A.3.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8
cis@sle12: 4.1.2.2
cis@sle15: 4.1.2.2
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/rule.yml
index 867765232c2..33936903102 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/rule.yml
@@ -45,7 +45,6 @@ references:
nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
pcidss: Req-10.7
srg: SRG-OS-000047-GPOS-00023,SRG-APP-000098-CTR-000185,SRG-APP-000099-CTR-000190,SRG-APP-000100-CTR-000195,SRG-APP-000100-CTR-000200,SRG-APP-000109-CTR-000215,SRG-APP-000290-CTR-000670,SRG-APP-000357-CTR-000800
- stigid@rhel9: RHEL-09-653055
ocil_clause: 'the value of the "max_log_file_action" option is not "ROTATE", "SINGLE", or the line is commented out, ask the system administrator to indicate how the system takes appropriate action when an audit storage volume is full. If there is no evidence of appropriate action'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
index 1a079ece7b5..ad161d87678 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
@@ -37,7 +37,6 @@ references:
nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
nist@sle12: AU-5(1)
pcidss: Req-10.7
- pcidss4: "10.5.1"
srg: SRG-OS-000343-GPOS-00134
stigid@sle12: SLES-12-020030
stigid@sle15: SLES-15-030700
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
index 7d19c383e36..50554322285 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
@@ -53,13 +53,11 @@ references:
nist: AU-5(b),AU-5(2),AU-5(1),AU-5(4),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
pcidss: Req-10.7
- pcidss4: "10.5.1"
srg: SRG-OS-000343-GPOS-00134
stigid@ol7: OL07-00-030340
stigid@ol8: OL08-00-030731
stigid@rhel7: RHEL-07-030340
stigid@rhel8: RHEL-08-030731
- stigid@rhel9: RHEL-09-653040
stigid@ubuntu2004: UBTU-20-010217
ocil_clause: 'there is no evidence that real-time alerts are configured on the system'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
index 2b6acf03452..e0c0995e436 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
@@ -38,7 +38,6 @@ references:
stigid@ol8: OL08-00-030730
stigid@rhel7: RHEL-07-030330
stigid@rhel8: RHEL-08-030730
- stigid@rhel9: RHEL-09-653035
stigid@ubuntu2004: UBTU-20-010217
ocil_clause: 'the value of the "space_left" keyword is not set to {{{ xccdf_value("var_auditd_space_left_percentage") }}}% of the storage volume allocated to audit logs, or if the line is commented out, ask the System Administrator to indicate how the system is providing real-time alerts to the SA and ISSO. If the "space_left" value is not configured to the correct value'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/rule.yml
index 21d9b8d5f85..e21dfbacf29 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/rule.yml
@@ -24,7 +24,6 @@ references:
nist: CM-6
ospp: FAU_GEN.1
srg: SRG-OS-000051-GPOS-00024
- stigid@rhel9: RHEL-09-653095
ocil_clause: freq isn't set to {{{ xccdf_value("var_auditd_freq") }}}
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
index e3a34e25b14..75590e720e2 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
@@ -26,7 +26,6 @@ references:
srg: SRG-OS-000062-GPOS-00031,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-030061
stigid@rhel8: RHEL-08-030061
- stigid@rhel9: RHEL-09-653075
ocil_clause: local_events isn't set to yes
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
index 9d19776db05..ef1666af111 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
@@ -27,7 +27,6 @@ references:
srg: SRG-OS-000255-GPOS-00096,SRG-OS-000480-GPOS-00227,SRG-APP-000096-CTR-000175,SRG-APP-000097-CTR-000180,SRG-APP-000098-CTR-000185,SRG-APP-000099-CTR-000190,SRG-APP-000100-CTR-000195,SRG-APP-000100-CTR-000200,SRG-APP-000109-CTR-000215,SRG-APP-000290-CTR-000670,SRG-APP-000357-CTR-000800
stigid@ol8: OL08-00-030063
stigid@rhel8: RHEL-08-030063
- stigid@rhel9: RHEL-09-653100
ocil_clause: log_format isn't set to ENRICHED
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
index 1806a3c3e67..45245f92352 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
@@ -31,7 +31,6 @@ references:
stigid@ol8: OL08-00-030062
stigid@rhel7: RHEL-07-030211
stigid@rhel8: RHEL-08-030062
- stigid@rhel9: RHEL-09-653060
ocil_clause: name_format isn't set to {{{ xccdf_value("var_auditd_name_format") }}}
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
index bd0205d1fd8..a058b881c18 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
@@ -33,7 +33,6 @@ references:
stigid@ol8: OL08-00-030700
stigid@rhel7: RHEL-07-030210
stigid@rhel8: RHEL-08-030700
- stigid@rhel9: RHEL-09-653065
ocil_clause: 'auditd overflow action is not set correctly'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/rule.yml
index 064e9ff3e3c..a095a5ae4fd 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/rule.yml
@@ -23,7 +23,6 @@ references:
nist: CM-6
ospp: FAU_STG.1
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-653105
ocil_clause: write_logs isn't set to yes
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
index afdb6e2263d..916ba405fff 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
@@ -42,11 +42,9 @@ references:
nist-csf: DE.AE-3,DE.AE-5,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
ospp: FAU_GEN.1
pcidss: Req-10.3
- pcidss4: '10.7.3'
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000254-GPOS-00095
stigid@ol8: OL08-00-030601
stigid@rhel8: RHEL-08-030601
- stigid@rhel9: RHEL-09-212055
stigid@ubuntu2004: UBTU-20-010198
ocil_clause: 'auditing is not enabled at boot time'
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
index bc980c7dbd5..f725ae136a4 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
@@ -32,11 +32,9 @@ references:
disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-001849,CCI-002884
nist: CM-6(a)
ospp: FAU_STG.1,FAU_STG.3
- pcidss4: '10.7.2'
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000254-GPOS-00095,SRG-OS-000341-GPOS-00132,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
stigid@ol8: OL08-00-030602
stigid@rhel8: RHEL-08-030602
- stigid@rhel9: RHEL-09-653120
ocil_clause: 'audit backlog limit is not configured'
diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
index 0dc13302051..876abce51df 100644
--- a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
@@ -20,9 +20,7 @@ identifiers:
references:
ospp: FMT_SMF_EXT.1
- pcidss4: '10.3.3'
srg: SRG-OS-000342-GPOS-00133
- stigid@rhel9: RHEL-09-653130
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml
index 4b0d0affc0a..0a8e8663912 100644
--- a/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audit-audispd-plugins_installed/rule.yml
@@ -21,7 +21,6 @@ references:
hipaa: 164.308(a)(1)(ii)(D),164.308(a)(5)(ii)(C),164.310(a)(2)(iv),164.310(d)(2)(iii),164.312(b)
nist@sle12: AU-4(1)
pcidss: Req-10.5.3
- pcidss4: "10.3.3"
srg: SRG-OS-000342-GPOS-00133
stigid@sle12: SLES-12-020070
stigid@sle15: SLES-15-030670
diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
index a6e155fc53e..1ca0b823376 100644
--- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
@@ -28,11 +28,9 @@ references:
nist@sle12: AU-7(a),AU-7(b),AU-8(b),AU-12.1(iv),AU-12(3),AU-12(c),CM-5(1)
ospp: FAU_GEN.1
pcidss: Req-10.1
- pcidss4: "10.2.1"
srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220
stigid@ol8: OL08-00-030180
stigid@rhel8: RHEL-08-030180
- stigid@rhel9: RHEL-09-653010
stigid@sle12: SLES-12-020000
stigid@sle15: SLES-15-030650
stigid@ubuntu2004: UBTU-20-010182
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
index 58c751bbdbb..8b64da094d3 100644
--- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
+++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
@@ -51,13 +51,11 @@ references:
nist@sle12: AU-3,AU-3(1),AU-3(1).1(ii),AU-3.1,AU-6(4),AU-6(4).1,AU-7(1),AU-7(1).1,AU-7(a),AU-14(1),AU-14(1).1,CM-6(b),CM-6.1(iv),MA-4(1)(a)
ospp: FAU_GEN.1
pcidss: Req-10.1
- pcidss4: "10.2.1"
srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220,SRG-APP-000095-CTR-000170,SRG-APP-000409-CTR-000990,SRG-APP-000508-CTR-001300,SRG-APP-000510-CTR-001310
stigid@ol7: OL07-00-030000
stigid@ol8: OL08-00-030181
stigid@rhel7: RHEL-07-030000
stigid@rhel8: RHEL-08-030181
- stigid@rhel9: RHEL-09-653015
stigid@sle12: SLES-12-020010
stigid@sle15: SLES-15-030050
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
index bddcae5d039..b825403d18a 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
@@ -27,7 +27,6 @@ references:
srg: SRG-OS-000433-GPOS-00193,SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040004
stigid@rhel8: RHEL-08-040004
- stigid@rhel9: RHEL-09-212050
ocil_clause: 'Kernel page-table isolation is not enabled'
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
index 925e7a74ad8..4efcbd136ff 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
@@ -27,7 +27,6 @@ references:
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010422
stigid@rhel8: RHEL-08-010422
- stigid@rhel9: RHEL-09-212035
ocil_clause: 'vsyscalls are enabled'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
index 9ddc60c982b..298ce4dc4e1 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
@@ -23,7 +23,6 @@ identifiers:
cce@sle15: CCE-85849-8
references:
- ccn@rhel9: A.6.SEC-RHEL2
cis-csc: 12,13,14,15,16,18,3,5
cis@sle12: 1.5.2
cis@sle15: 1.5.2
@@ -38,9 +37,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-7.1
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-212025
ocil_clause: '{{{ ocil_clause_file_group_owner(grub2_boot_path ~ "/grub.cfg", "root") }}}'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml
index 9ae5abc5dd5..7bb957b1c07 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml
@@ -21,7 +21,6 @@ identifiers:
cce@rhel9: CCE-86010-6
references:
- ccn@rhel9: A.6.SEC-RHEL2
cis-csc: 12,13,14,15,16,18,3,5
cjis: 5.5.2.2
cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
@@ -34,7 +33,6 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-7.1
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
ocil_clause: '{{{ ocil_clause_file_group_owner(grub2_boot_path ~ "/user.cfg", "root") }}}'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
index fcc1cfad1f3..7c23cb63185 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
@@ -21,7 +21,6 @@ identifiers:
cce@sle15: CCE-85848-0
references:
- ccn@rhel9: A.6.SEC-RHEL2
cis-csc: 12,13,14,15,16,18,3,5
cis@sle12: 1.5.2
cis@sle15: 1.5.2
@@ -38,9 +37,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-7.1
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-212030
ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/grub.cfg", owner="root") }}}'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml
index 751f7de7a37..0995f1872ee 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml
@@ -21,7 +21,6 @@ identifiers:
cce@rhel9: CCE-86016-3
references:
- ccn@rhel9: A.6.SEC-RHEL2
cis-csc: 12,13,14,15,16,18,3,5
cjis: 5.5.2.2
cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
@@ -34,7 +33,6 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-7.1
- pcidss4: '2.2.6'
ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/user.cfg", owner="root") }}}'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
index a400ddee9aa..5ca63cc2961 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
@@ -21,7 +21,6 @@ identifiers:
cce@sle15: CCE-91426-7
references:
- ccn@rhel9: A.6.SEC-RHEL2
cis-csc: 12,13,14,15,16,18,3,5
cis@sle12: 1.5.2
cis@sle15: 1.5.2
@@ -36,7 +35,6 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
ocil_clause: 'it does not'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml
index b6e786bde4e..3b9734c3227 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml
@@ -19,7 +19,6 @@ identifiers:
cce@rhel9: CCE-86025-4
references:
- ccn@rhel9: A.6.SEC-RHEL2
cis-csc: 12,13,14,15,16,18,3,5
cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
cui: 3.4.5
@@ -30,7 +29,6 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
ocil_clause: '{{{ ocil_clause_file_permissions(file=grub2_boot_path ~ "/user.cfg", perms="-rw-------") }}}'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
index 1465a362513..f88ad2fb7da 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
@@ -49,7 +49,6 @@ references:
stigid@ol8: OL08-00-010149
stigid@rhel7: RHEL-07-010483
stigid@rhel8: RHEL-08-010149
- stigid@rhel9: RHEL-09-212020
ocil_clause: 'superuser account is not set or is set to root, admin, administrator or any other existing user name'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
index de3b485f140..c44db2f4462 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
@@ -46,7 +46,6 @@ identifiers:
cce@sle15: CCE-83274-1
references:
- ccn@rhel9: A.8.SEC-RHEL7
cis-csc: 1,11,12,14,15,16,18,3,5
cis@sle12: 1.5.1
cis@sle15: 1.5.1
@@ -67,7 +66,6 @@ references:
stigid@ol8: OL08-00-010150
stigid@rhel7: RHEL-07-010482
stigid@rhel8: RHEL-08-010150
- stigid@rhel9: RHEL-09-212010
stigid@sle12: SLES-12-010430
stigid@sle15: SLES-15-010190
stigid@ubuntu2004: UBTU-20-010009
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
index 923a9096d29..50ddd825a0b 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
@@ -38,7 +38,6 @@ references:
stigid@ol8: OL08-00-030010
stigid@rhel7: RHEL-07-021100
stigid@rhel8: RHEL-08-030010
- stigid@rhel9: RHEL-09-652060
ocil_clause: 'cron is not logging to rsyslog'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
index fe5623311fa..fa127e79c7c 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
stigid@ol8: OL08-00-030720
stigid@rhel8: RHEL-08-030720
- stigid@rhel9: RHEL-09-652040
ocil_clause: '$ActionSendStreamDriverAuthMode in /etc/rsyslog.conf is not set to x509/name'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
index 7fb97b65f34..d15f2d79242 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
stigid@ol8: OL08-00-030710
stigid@rhel8: RHEL-08-030710
- stigid@rhel9: RHEL-09-652045
ocil_clause: 'rsyslogd ActionSendStreamDriverMode is not set to 1'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
index 12c43f3dbc3..ba1095929be 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
stigid@ol8: OL08-00-030710
stigid@rhel8: RHEL-08-030710
- stigid@rhel9: RHEL-09-652050
ocil_clause: 'rsyslogd DefaultNetstreamDriver not set to gtls'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml
index 8505af61923..147a9e532de 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/rule.yml
@@ -49,7 +49,6 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-10.5.1,Req-10.5.2
- pcidss4: '10.3.2'
ocil_clause: 'the group-owner is not correct'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml
index abceb6f0a82..80183e5f259 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/rule.yml
@@ -63,7 +63,6 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-10.5.1,Req-10.5.2
- pcidss4: '10.3.2'
ocil_clause: 'the owner is not correct'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
index 59a3efaf622..2ca3df575fa 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/rule.yml
@@ -36,7 +36,6 @@ references:
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: CM-6(a),AC-6(1)
pcidss: Req-10.5.1,Req-10.5.2
- pcidss4: '10.3.1'
ocil_clause: 'the permissions are not correct'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
index 9db602a15c3..65bc51dfe91 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
@@ -32,7 +32,6 @@ references:
srg: SRG-OS-000032-GPOS-00013
stigid@ol8: OL08-00-010070
stigid@rhel8: RHEL-08-010070
- stigid@rhel9: RHEL-09-652030
stigid@ubuntu2004: UBTU-20-010403
ocil_clause: 'remote access methods are not logging to rsyslog'
diff --git a/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml b/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml
index 1db36875805..a5c8927b332 100644
--- a/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml
+++ b/linux_os/guide/system/logging/journald/service_systemd-journald_enabled/rule.yml
@@ -22,7 +22,6 @@ references:
disa: CCI-001665
nist: SC-24
srg: SRG-OS-000269-GPOS-00103
- stigid@rhel9: RHEL-09-211040
ocil_clause: 'the systemd-journald service is not running'
diff --git a/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml b/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml
index 6c048112023..555492ed288 100644
--- a/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml
+++ b/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml
@@ -28,7 +28,6 @@ references:
nist: CM-6(a)
nist-csf: PR.PT-1
pcidss: Req-10.7
- pcidss4: '10.5.1'
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
index 7daa1fdd027..dc43eb78357 100644
--- a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
+++ b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
@@ -38,7 +38,6 @@ references:
nist: CM-6(a)
nist-csf: PR.PT-1
pcidss: Req-10.7
- pcidss4: '10.5.1'
ocil_clause: 'logrotate timer is not enabled'
diff --git a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
index 76f6e3d4364..a4f49a04874 100644
--- a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
+++ b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
@@ -30,7 +30,6 @@ references:
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-030680
stigid@rhel8: RHEL-08-030680
- stigid@rhel9: RHEL-09-652015
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
index bafa8a0dd2b..8f4b817e8aa 100644
--- a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
+++ b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
@@ -35,7 +35,6 @@ references:
srg: SRG-OS-000479-GPOS-00224,SRG-OS-000051-GPOS-00024,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-030670
stigid@rhel8: RHEL-08-030670
- stigid@rhel9: RHEL-09-652010
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
index 17fb2bae0bd..a944ca50ec9 100644
--- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
@@ -53,7 +53,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-031010
stigid@rhel7: RHEL-07-031010
- stigid@rhel9: RHEL-09-652025
ocil_clause: "rsyslog accepts remote messages and is not documented as a log aggregation system"
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
index ad4ac8b894f..6a872bb2514 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
@@ -64,7 +64,6 @@ references:
stigid@ol8: OL08-00-030690
stigid@rhel7: RHEL-07-031000
stigid@rhel8: RHEL-08-030690
- stigid@rhel9: RHEL-09-652055
stigid@sle12: SLES-12-030340
stigid@sle15: SLES-15-010580
diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
index 0723ac5e713..ead08e7cb68 100644
--- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
+++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
@@ -36,7 +36,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010561
stigid@rhel8: RHEL-08-010561
- stigid@rhel9: RHEL-09-652020
stigid@ubuntu2004: UBTU-20-010432
ocil_clause: '{{{ ocil_clause_service_enabled(service="rsyslog") }}}'
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
index 23204bae40e..c18b89c9eef 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
@@ -26,7 +26,6 @@ references:
srg: SRG-OS-000420-GPOS-00186
stigid@ol8: OL08-00-040150
stigid@rhel8: RHEL-08-040150
- stigid@rhel9: RHEL-09-251030
ocil_clause: 'the "nftables" is not set as the "firewallbackend"'
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
index 9981fb8e109..36b27e13c72 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
@@ -36,7 +36,6 @@ references:
stigid@ol7: OL07-00-040520
stigid@ol8: OL08-00-040100
stigid@rhel8: RHEL-08-040100
- stigid@rhel9: RHEL-09-251010
stigid@sle15: SLES-15-010220
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
index f8ea5e72b8e..f58c612c12b 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
@@ -24,7 +24,6 @@ identifiers:
cce@sle15: CCE-85751-6
references:
- ccn@rhel9: A.8.SEC-RHEL3
cis-csc: 11,3,9
cis@sle15: 3.5.1.3
cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05
@@ -38,13 +37,11 @@ references:
nist-csf: PR.IP-1
nist@sle15: CM-7,CM-7.1(iii),CM-7(b),AC-17(1)
ospp: FMT_SMF_EXT.1
- pcidss4: "1.2.1"
srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
stigid@ol7: OL07-00-040520
stigid@ol8: OL08-00-040101
stigid@rhel7: RHEL-07-040520
stigid@rhel8: RHEL-08-040101
- stigid@rhel9: RHEL-09-251015
stigid@sle15: SLES-15-010220
ocil_clause: '{{{ ocil_clause_service_enabled("firewalld") }}}'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
index 99585778306..dd1d523c3d8 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
@@ -46,13 +46,11 @@ references:
iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2
nist: AC-4,CM-7(b),CA-3(5),SC-7(21),CM-6(a)
nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
- pcidss4: "1.3.1"
srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115
stigid@ol7: OL07-00-040100
stigid@ol8: OL08-00-040030
stigid@rhel7: RHEL-07-040100
stigid@rhel8: RHEL-08-040030
- stigid@rhel9: RHEL-09-251025
ocil_clause: 'there are additional ports, protocols, or services that are not in the PPSM CLSA, or there are ports, protocols, or services that are prohibited by the PPSM Category Assurance List (CAL), or there are no firewall rules configured'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
index 4553964d247..2e4fa037203 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
@@ -24,7 +24,6 @@ references:
srg: SRG-OS-000297-GPOS-00115
stigid@ol8: OL08-00-040090
stigid@rhel8: RHEL-08-040090
- stigid@rhel9: RHEL-09-251020
ocil_clause: 'no zones are active on the interfaces or if the target is set to a different option other than "DROP"'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml
index b71fbf8bae0..83acc2c5e01 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml
@@ -19,7 +19,6 @@ identifiers:
references:
cis@sle15: 3.5.3.2.4,3.5.3.3.4
pcidss: Req-1.4
- pcidss4: '1.3.1,1.5.1'
ocil_clause: 'Verify all open ports listening on non-localhost addresses have at least one firewall rule.'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml
index f86c03a4c94..1222f81d41a 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml
@@ -32,9 +32,6 @@ identifiers:
cce@rhel8: CCE-87272-1
cce@rhel9: CCE-86137-7
-references:
- ccn@rhel9: A.8.SEC-RHEL3
- pcidss4: "1.4.1"
ocil_clause: 'loopback traffic is not restricted'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml
index 0b31e4329a1..010d52ab7a2 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml
@@ -24,9 +24,6 @@ identifiers:
cce@rhel8: CCE-87278-8
cce@rhel9: CCE-86116-1
-references:
- ccn@rhel9: A.8.SEC-RHEL3
- pcidss4: "1.4.1"
ocil_clause: 'loopback traffic is not trusted'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
index e69e7d8ae9d..9df0c120881 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
@@ -28,7 +28,6 @@ identifiers:
cce@sle15: CCE-91410-1
references:
- ccn@rhel9: A.8.SEC-RHEL3
cis-csc: 11,14,3,9
cis@sle15: 3.5.1.4
cjis: 5.10.1
@@ -43,7 +42,6 @@ references:
nist-csf: PR.IP-1,PR.PT-3
ospp: FMT_MOF_EXT.1
pcidss: Req-1.4
- pcidss4: '1.3.1,1.5.1'
srg: SRG-OS-000480-GPOS-00227
stigid@rhel7: RHEL-07-040810
stigid@rhel8: RHEL-08-040090
diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
index d62cbd26b50..2cf33a51a8a 100644
--- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
+++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
@@ -34,7 +34,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040820
stigid@rhel7: RHEL-07-040820
- stigid@rhel9: RHEL-09-252045
ocil_clause: 'the IPSec tunnels are not approved'
diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
index 3c8b52e7b2f..69011ceaa82 100644
--- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
+++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
@@ -35,7 +35,6 @@ references:
nist-csf: PR.AC-3,PR.MA-2,PR.PT-4
pcidss: Req-4.1
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061
- stigid@rhel9: RHEL-09-252065
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml
index 6157a1f1b65..b331ec4376f 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml
@@ -42,7 +42,6 @@ references:
nerc-cip: CIP-003-8 R4,CIP-003-8 R5,CIP-004-6 R3
nist: AC-4,CM-7(b),CA-3(5),SC-7(21),CM-6(a)
nist-csf: PR.IP-1,PR.PT-3
- pcidss4: "1.4.1"
ocil_clause: 'the default policy for the INPUT chain is not set to DROP'
diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml
index 16c1c2426b0..0b732522102 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml
@@ -29,7 +29,6 @@ references:
cis@ubuntu2004: 3.5.3.3.2
cis@ubuntu2204: 3.5.3.3.2
pcidss: Req-1.3
- pcidss4: "1.4.1"
warnings:
- general: |-
diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml
index afd765829b1..70138e6da14 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml
@@ -30,7 +30,6 @@ references:
cis@ubuntu2004: 3.5.3.2.2
cis@ubuntu2204: 3.5.3.2.2
pcidss: Req-1.3
- pcidss4: "1.4.1"
warnings:
- general: |-
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
index 5f4d670488c..91c89e48440 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
@@ -18,7 +18,6 @@ identifiers:
cce@sle15: CCE-92473-8
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 11,14,3,9
cis@sle12: 3.3.9
cis@sle15: 3.3.9
@@ -35,7 +34,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040261
stigid@rhel8: RHEL-08-040261
- stigid@rhel9: RHEL-09-254010
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_ra", value="0") }}}
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
index a751b549b5b..ab1b748a328 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
@@ -18,7 +18,6 @@ identifiers:
cce@sle15: CCE-85708-6
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 11,14,3,9
cis@sle12: 3.3.2
cis@sle15: 3.3.2
@@ -35,7 +34,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040280
stigid@rhel8: RHEL-08-040280
- stigid@rhel9: RHEL-09-254015
stigid@sle12: SLES-12-030363
stigid@sle15: SLES-15-040341
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
index e6700c3dbd0..e72a5746c2e 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
@@ -26,7 +26,6 @@ identifiers:
cce@sle15: CCE-85649-2
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,12,13,14,15,16,18,4,6,8,9
cis@sle12: 3.3.1
cis@sle15: 3.3.1
@@ -45,7 +44,6 @@ references:
stigid@ol8: OL08-00-040240
stigid@rhel7: RHEL-07-040830
stigid@rhel8: RHEL-08-040240
- stigid@rhel9: RHEL-09-254020
stigid@sle12: SLES-12-030361
stigid@sle15: SLES-15-040310
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
index 0672bb8cca4..4e4740d6e45 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
@@ -35,7 +35,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040260
stigid@rhel8: RHEL-08-040260
- stigid@rhel9: RHEL-09-254025
stigid@sle12: SLES-12-030364
stigid@sle15: SLES-15-040381
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
index f2e6323d829..10322ea8a5d 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
@@ -18,7 +18,6 @@ identifiers:
cce@sle15: CCE-92474-6
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 11,14,3,9
cis@sle12: 3.3.9
cis@sle15: 3.3.9
@@ -35,7 +34,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040262
stigid@rhel8: RHEL-08-040262
- stigid@rhel9: RHEL-09-254030
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_ra", value="0") }}}
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
index 620bda99b77..ba7b1168a7c 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
@@ -18,7 +18,6 @@ identifiers:
cce@sle15: CCE-85722-7
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 11,14,3,9
cis@sle12: 3.3.2
cis@sle15: 3.3.2
@@ -37,7 +36,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040210
stigid@rhel8: RHEL-08-040210
- stigid@rhel9: RHEL-09-254035
stigid@sle12: SLES-12-030401
stigid@sle15: SLES-15-040350
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
index cc9138ce8de..5ead947297d 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
@@ -26,7 +26,6 @@ identifiers:
cce@sle15: CCE-85653-4
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,12,13,14,15,16,18,4,6,8,9
cis@sle12: 3.3.1
cis@sle15: 3.3.1
@@ -41,11 +40,9 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a),CM-6(b),CM-6.1(iv)
nist-csf: DE.AE-1,ID.AM-3,PR.AC-5,PR.DS-5,PR.PT-4
pcidss: Req-1.4.3
- pcidss4: '1.4.2'
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040250
stigid@rhel8: RHEL-08-040250
- stigid@rhel9: RHEL-09-254040
stigid@sle12: SLES-12-030362
stigid@sle15: SLES-15-040321
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
index 23d10b73ed2..9791720a502 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
@@ -25,7 +25,6 @@ identifiers:
cce@sle15: CCE-85651-8
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
cis@sle12: 3.3.2
cis@sle15: 3.3.2
@@ -45,7 +44,6 @@ references:
stigid@ol8: OL08-00-040279
stigid@rhel7: RHEL-07-040641
stigid@rhel8: RHEL-08-040279
- stigid@rhel9: RHEL-09-253015
stigid@sle12: SLES-12-030390
stigid@sle15: SLES-15-040330
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
index 92e0b64c358..65aa94003f0 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
@@ -26,7 +26,6 @@ identifiers:
cce@sle15: CCE-85648-4
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
cis@sle12: 3.3.1
cis@sle15: 3.3.1
@@ -46,7 +45,6 @@ references:
stigid@ol8: OL08-00-040239
stigid@rhel7: RHEL-07-040610
stigid@rhel8: RHEL-08-040239
- stigid@rhel9: RHEL-09-253020
stigid@sle12: SLES-12-030360
stigid@sle15: SLES-15-040300
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml
index 5e49b1e1e3e..6f852e5e80e 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml
@@ -23,7 +23,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040259
stigid@rhel8: RHEL-08-040259
- stigid@rhel9: RHEL-09-253075
ocil_clause: 'IP forwarding value is "1" and the system is not router'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
index 87566b6ca95..7ccfaf9eb6c 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
@@ -22,7 +22,6 @@ identifiers:
cce@sle15: CCE-91222-0
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
cis@sle12: 3.3.4
cis@sle15: 3.3.4
@@ -37,7 +36,6 @@ references:
nist: CM-7(a),CM-7(b),SC-5(3)(a)
nist-csf: DE.CM-1,PR.AC-3,PR.DS-4,PR.IP-1,PR.PT-3,PR.PT-4
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-253025
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.log_martians", value="1") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
index 0a4a8e7e437..ba98de5617a 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
@@ -23,7 +23,6 @@ identifiers:
cce@sle15: CCE-91218-8
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,12,13,14,15,16,18,2,4,6,7,8,9
cis@sle12: 3.3.7
cis@sle15: 3.3.7
@@ -38,13 +37,11 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a),SC-7(a)
nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.PT-4
pcidss: Req-1.4.3
- pcidss4: '1.4.3'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040611
stigid@ol8: OL08-00-040285
stigid@rhel7: RHEL-07-040611
stigid@rhel8: RHEL-08-040285
- stigid@rhel9: RHEL-09-253035
ocil: |-
The runtime status of the net.ipv4.conf.all.rp_filter parameter can be queried
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
index acfced00ff2..c6b7678fac6 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
@@ -21,7 +21,6 @@ identifiers:
cce@sle15: CCE-91220-4
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
cis@sle12: 3.3.3
cis@sle15: 3.3.3
@@ -36,7 +35,6 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a),SC-7(a)
nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4
pcidss: Req-1.4.3
- pcidss4: '1.4.3'
srg: SRG-OS-000480-GPOS-00227
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.secure_redirects", value="0") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
index 21aa9fba3dd..682de458fb6 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
@@ -24,7 +24,6 @@ identifiers:
cce@sle15: CCE-85652-6
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
cis@sle12: 3.3.3
cis@sle15: 3.3.3
@@ -40,13 +39,11 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a),SC-7(a)
nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4
pcidss: Req-1.4.3
- pcidss4: '1.4.3'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040640
stigid@ol8: OL08-00-040209
stigid@rhel7: RHEL-07-040640
stigid@rhel8: RHEL-08-040209
- stigid@rhel9: RHEL-09-253040
stigid@sle12: SLES-12-030400
stigid@sle15: SLES-15-040340
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
index 9068c381d95..798295502a1 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
@@ -26,7 +26,6 @@ identifiers:
cce@sle15: CCE-85650-0
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
cis@sle12: 3.3.1
cis@sle15: 3.3.1
@@ -47,7 +46,6 @@ references:
stigid@ol8: OL08-00-040249
stigid@rhel7: RHEL-07-040620
stigid@rhel8: RHEL-08-040249
- stigid@rhel9: RHEL-09-253045
stigid@sle12: SLES-12-030370
stigid@sle15: SLES-15-040320
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
index ad19d77d39b..1e1a4fc2c06 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
@@ -22,7 +22,6 @@ identifiers:
cce@sle15: CCE-92482-9
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
cis@sle12: 3.3.4
cis@sle15: 3.3.4
@@ -37,7 +36,6 @@ references:
nist: CM-7(a),CM-7(b),SC-5(3)(a)
nist-csf: DE.CM-1,PR.AC-3,PR.DS-4,PR.IP-1,PR.PT-3,PR.PT-4
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-253030
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.log_martians", value="1") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
index 82f0cffa7c5..52dea2c2977 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
@@ -23,7 +23,6 @@ identifiers:
cce@sle15: CCE-91219-6
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,12,13,14,15,16,18,2,4,6,7,8,9
cis@sle12: 3.3.7
cis@sle15: 3.3.7
@@ -40,7 +39,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040612
stigid@rhel7: RHEL-07-040612
- stigid@rhel9: RHEL-09-253050
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.rp_filter", value="1") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
index b972e210ef7..5efdf8fb136 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
@@ -21,7 +21,6 @@ identifiers:
cce@sle15: CCE-91221-2
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
cis@sle12: 3.3.2
cis@sle15: 3.3.2
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
index a18a1dff0fd..cff52565387 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
@@ -23,7 +23,6 @@ identifiers:
cce@sle15: CCE-91243-6
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
cis@sle12: 3.3.5
cis@sle15: 3.3.5
@@ -40,13 +39,11 @@ references:
nist: CM-7(a),CM-7(b),SC-5
nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4
pcidss: Req-1.4.3
- pcidss4: '1.4.2'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040630
stigid@ol8: OL08-00-040230
stigid@rhel7: RHEL-07-040630
stigid@rhel8: RHEL-08-040230
- stigid@rhel9: RHEL-09-253055
stigid@sle12: SLES-12-030380
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_echo_ignore_broadcasts", value="1") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
index fff25323dc5..0974540f72d 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
@@ -20,7 +20,6 @@ identifiers:
cce@sle15: CCE-91224-6
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
cis@sle12: 3.3.6
cis@sle15: 3.3.6
@@ -35,9 +34,7 @@ references:
nist: CM-7(a),CM-7(b),SC-5
nist-csf: DE.CM-1,PR.DS-4,PR.IP-1,PR.PT-3
pcidss: Req-1.4.3
- pcidss4: '1.4.2'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-253060
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_ignore_bogus_error_responses", value="1") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
index 7bb1ff115dd..fa092923274 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
@@ -24,7 +24,6 @@ identifiers:
cce@sle15: CCE-83283-2
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,12,13,14,15,16,18,2,4,6,7,8,9
cis@sle12: 3.3.8
cis@sle15: 3.3.8
@@ -40,9 +39,7 @@ references:
nist: CM-7(a),CM-7(b),SC-5(1),SC-5(2),SC-5(3)(a),CM-6(a)
nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.PT-4
pcidss: Req-1.4.1
- pcidss4: '1.4.3'
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000420-GPOS-00186,SRG-OS-000142-GPOS-00071
- stigid@rhel9: RHEL-09-253010
stigid@sle12: SLES-12-030350
stigid@sle15: SLES-15-010310
stigid@ubuntu2004: UBTU-20-010412
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
index 1dacaf9b0c3..a8b11cd1a68 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
@@ -23,7 +23,6 @@ identifiers:
cce@sle15: CCE-85655-9
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
cis@sle12: 3.2.2
cis@sle15: 3.2.2
@@ -39,13 +38,11 @@ references:
nerc-cip: CIP-007-3 R4,CIP-007-3 R4.1,CIP-007-3 R4.2,CIP-007-3 R5.1
nist: CM-7(a),CM-7(b),SC-5,CM-6(a),SC-7(a)
nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4
- pcidss4: '1.4.5'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040660
stigid@ol8: OL08-00-040220
stigid@rhel7: RHEL-07-040660
stigid@rhel8: RHEL-08-040220
- stigid@rhel9: RHEL-09-253065
stigid@sle12: SLES-12-030420
stigid@sle15: SLES-15-040370
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
index dd72a870d74..4eb52cc769b 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
@@ -23,7 +23,6 @@ identifiers:
cce@sle15: CCE-85654-2
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
cis@sle12: 3.2.2
cis@sle15: 3.2.2
@@ -39,13 +38,11 @@ references:
nerc-cip: CIP-007-3 R4,CIP-007-3 R4.1,CIP-007-3 R4.2,CIP-007-3 R5.1
nist: CM-7(a),CM-7(b),SC-5,CM-6(a),SC-7(a)
nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4
- pcidss4: '1.4.5'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040650
stigid@ol8: OL08-00-040270
stigid@rhel7: RHEL-07-040650
stigid@rhel8: RHEL-08-040270
- stigid@rhel9: RHEL-09-253070
stigid@sle12: SLES-12-030410
stigid@sle15: SLES-15-040360
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
index 065e6e50af7..ab8da70351d 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
@@ -21,7 +21,6 @@ identifiers:
cce@sle15: CCE-85709-4
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
cis@sle12: 3.2.1
cis@sle15: 3.2.1
@@ -38,7 +37,6 @@ references:
nist-csf: DE.CM-1,PR.DS-4,PR.IP-1,PR.PT-3,PR.PT-4
nist@sle15: CM-6(b),CM-6.1(iv)
pcidss: Req-1.3.1,Req-1.3.2
- pcidss4: '1.4.3'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040740
stigid@rhel7: RHEL-07-040740
diff --git a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml
index 73943f83c0a..0dd58d347f0 100644
--- a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml
+++ b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml
@@ -24,7 +24,6 @@ references:
cis@sle15: 3.5.2.8
cis@ubuntu2004: 3.5.2.8
cis@ubuntu2204: 3.5.2.8
- pcidss4: '1.3.1'
ocil_clause: 'default policy is not set for nftables rules'
diff --git a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml
index 43923b93615..b6c0f0bef6d 100644
--- a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml
+++ b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml
@@ -27,7 +27,6 @@ references:
cis@sle15: 3.5.2.1
cis@ubuntu2004: 3.5.2.1
cis@ubuntu2204: 3.5.2.1
- pcidss4: '1.2.1'
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml
index 7416db918d8..34a1e50700b 100644
--- a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml
@@ -22,11 +22,9 @@ identifiers:
cce@sle15: CCE-92529-7
references:
- ccn@rhel9: A.8.SEC-RHEL3
cis@sle15: 3.5.1.2
cis@ubuntu2004: 3.5.3.1.2
cis@ubuntu2204: 3.5.3.1.2
- pcidss4: "1.2.1"
ocil_clause: |-
{{{ ocil_clause_service_disabled(service="nftables") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
index 5bf60eb1205..9e964b77084 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040021
stigid@rhel8: RHEL-08-040021
- stigid@rhel9: RHEL-09-213045
{{{ complete_ocil_entry_module_disable(module="atm") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
index 7f951a26939..9e67a0f529c 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040022
stigid@rhel8: RHEL-08-040022
- stigid@rhel9: RHEL-09-213050
{{{ complete_ocil_entry_module_disable(module="can") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
index 1424e8f8da4..34fe0539f7c 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
@@ -38,7 +38,6 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.IP-1,PR.PT-3
pcidss: Req-1.4.2
- pcidss4: "1.4.2"
srg: SRG-OS-000096-GPOS-00050,SRG-OS-000378-GPOS-00163
stigid@ol7: OL07-00-020101
stigid@rhel7: RHEL-07-020101
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
index 2af5055af39..2d88048319d 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
@@ -27,7 +27,6 @@ references:
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040026
stigid@rhel8: RHEL-08-040026
- stigid@rhel9: RHEL-09-213055
{{{ complete_ocil_entry_module_disable(module="firewire-core") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
index 754077258c5..4a07631b4c9 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
@@ -40,11 +40,9 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.IP-1,PR.PT-3
pcidss: Req-1.4.2
- pcidss4: "1.4.2"
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040023
stigid@rhel8: RHEL-08-040023
- stigid@rhel9: RHEL-09-213060
{{{ complete_ocil_entry_module_disable(module="sctp") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
index 6f11ed5a363..8dc3c982ff7 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
@@ -42,7 +42,6 @@ references:
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040024
stigid@rhel8: RHEL-08-040024
- stigid@rhel9: RHEL-09-213065
{{{ complete_ocil_entry_module_disable(module="tipc") }}}
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
index ebeb377a94a..18eb627e6c4 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
@@ -37,7 +37,6 @@ references:
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000300-GPOS-00118
stigid@ol8: OL08-00-040111
stigid@rhel8: RHEL-08-040111
- stigid@rhel9: RHEL-09-291035
{{{ complete_ocil_entry_module_disable(module="bluetooth") }}}
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
index 637b5520559..32675c9769e 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -55,13 +55,11 @@ references:
nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
nist@sle12: AC-18(1),SC-8
pcidss: Req-1.3.3
- pcidss4: '1.3.3,2.3'
srg: SRG-OS-000299-GPOS-00117,SRG-OS-000300-GPOS-00118,SRG-OS-000424-GPOS-00188,SRG-OS-000481-GPOS-000481
stigid@ol7: OL07-00-041010
stigid@ol8: OL08-00-040110
stigid@rhel7: RHEL-07-041010
stigid@rhel8: RHEL-08-040110
- stigid@rhel9: RHEL-09-291040
stigid@sle12: SLES-12-030450
stigid@sle15: SLES-15-010380
stigid@ubuntu2004: UBTU-20-010455
diff --git a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
index a9dc1b633c7..93db24be0c3 100644
--- a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
+++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
@@ -54,7 +54,6 @@ references:
stigid@ol8: OL08-00-010680
stigid@rhel7: RHEL-07-040600
stigid@rhel8: RHEL-08-010680
- stigid@rhel9: RHEL-09-252035
ocil_clause: 'less than two lines are returned that are not commented out'
diff --git a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
index beedd4e54cb..885f14bbec7 100644
--- a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
+++ b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
@@ -39,7 +39,6 @@ references:
cui: 3.1.16
ism: 0418,1055,1402
nist: AC-18(4),CM-6(a)
- pcidss4: '1.2.8'
ocil_clause: 'non-privileged users can modify or change network settings'
diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
index 08e686c80cb..ff68190cb6c 100644
--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
@@ -42,13 +42,11 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a),CM-7(2),MA-3
nist-csf: DE.DP-5,ID.AM-1,PR.IP-1,PR.MA-1,PR.PT-3
nist@sle12: CM-6(b)
- pcidss4: '1.4.5'
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040670
stigid@ol8: OL08-00-040330
stigid@rhel7: RHEL-07-040670
stigid@rhel8: RHEL-08-040330
- stigid@rhel9: RHEL-09-251040
stigid@sle12: SLES-12-030440
stigid@sle15: SLES-15-040390
diff --git a/linux_os/guide/system/network/networkmanager/networkmanager_dns_mode/rule.yml b/linux_os/guide/system/network/networkmanager/networkmanager_dns_mode/rule.yml
index 8f315f73059..ad0aa4c963d 100644
--- a/linux_os/guide/system/network/networkmanager/networkmanager_dns_mode/rule.yml
+++ b/linux_os/guide/system/network/networkmanager/networkmanager_dns_mode/rule.yml
@@ -19,7 +19,6 @@ references:
disa: CCI-000366
nist: CM-6(b)
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-252040
ocil_clause: 'the dns key under main does not exist or is not set to "none" or "default"'
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
index aba6965df5b..db3b86f2f21 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
@@ -26,7 +26,6 @@ references:
disa: CCI-000366
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000138-GPOS-00069
stigid@rhel8: RHEL-08-010700
- stigid@rhel9: RHEL-09-232240
ocil_clause: 'there are world-writable directories not owned by root'
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
index f4e5bc2a2ae..03d331b1437 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
@@ -48,11 +48,9 @@ references:
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '2.2.6'
srg: SRG-OS-000138-GPOS-00069
stigid@ol8: OL08-00-010190
stigid@rhel8: RHEL-08-010190
- stigid@rhel9: RHEL-09-232245
stigid@sle12: SLES-12-010460
stigid@sle15: SLES-15-010300
stigid@ubuntu2004: UBTU-20-010411
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
index d692cae8084..962ab360e44 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000063-GPOS-00032
stigid@ol8: OL08-00-030610
stigid@rhel8: RHEL-08-030610
- stigid@rhel9: RHEL-09-653115
stigid@ubuntu2004: UBTU-20-010133
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/audit/auditd.conf", perms="-rw-r-----") }}}'
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
index 19606408d96..4947980be18 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000063-GPOS-00032
stigid@ol8: OL08-00-030610
stigid@rhel8: RHEL-08-030610
- stigid@rhel9: RHEL-09-653110
stigid@ubuntu2004: UBTU-20-010133
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/audit/rules.d/*.rules", perms="-rw-r-----") }}}'
diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml
index fa28982f37a..cf955e077ff 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml
@@ -36,7 +36,6 @@ references:
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: "2.2.6"
ocil_clause: 'there is output'
diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
index 3f4a30d6bcd..1e2f7f2b017 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
@@ -44,13 +44,11 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.18.1.4,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5,PR.PT-3
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-020330
stigid@ol8: OL08-00-010790
stigid@rhel7: RHEL-07-020330
stigid@rhel8: RHEL-08-010790
- stigid@rhel9: RHEL-09-232250
stigid@sle12: SLES-12-010700
stigid@sle15: SLES-15-040410
diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
index 55f2bbb07eb..93ec22b3556 100644
--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
@@ -43,13 +43,11 @@ references:
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.AC-6,PR.DS-5,PR.IP-1,PR.PT-3
- pcidss4: "2.2.6"
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-020320
stigid@ol8: OL08-00-010780
stigid@rhel7: RHEL-07-020320
stigid@rhel8: RHEL-08-010780
- stigid@rhel9: RHEL-09-232255
stigid@sle12: SLES-12-010690
stigid@sle15: SLES-15-040400
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml
index 051e5876c89..5b38b6f00e8 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml
@@ -26,9 +26,7 @@ references:
disa: CCI-002223
nist: AC-6 (1)
pcidss: Req-8.7
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232105
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/group-", group="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml
index 31120343e1b..3a02ed25de7 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml
@@ -31,9 +31,7 @@ references:
disa: CCI-002223
nist: AC-6 (1)
pcidss: Req-8.7
- pcidss4: "7.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232125
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/gshadow-", group=target_group) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml
index 109592bf25b..197ba4f8e30 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml
@@ -26,9 +26,7 @@ references:
disa: CCI-002223
nist: AC-6 (1)
pcidss: Req-8.7
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232145
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/passwd-", group="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml
index 6976b23b061..98cfa55fefd 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml
@@ -30,9 +30,7 @@ references:
cis@ubuntu2004: 6.1.7
cis@ubuntu2204: 6.1.6
pcidss: Req-8.7
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232165
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/shadow-", group=target_group) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml
index 19d6fa658f7..35df43fbd21 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml
@@ -32,9 +32,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232095
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/group", group="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml
index 1ae9417abc4..4ac15c18868 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml
@@ -37,7 +37,6 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232115
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/gshadow", group=target_group) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml
index 22ff0058762..8fcb22c7c16 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml
@@ -32,9 +32,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232135
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/passwd", group="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml
index cd387b2e381..20532dc4a6b 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml
@@ -38,9 +38,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232155
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/shadow", group=target_group) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml
index 45b372001c2..c1fcf40cf9b 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml
@@ -26,9 +26,7 @@ references:
disa: CCI-002223
nist: AC-6 (1)
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232100
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/group-", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml
index 9eea3bd88fa..f811c1d4ba0 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml
@@ -25,9 +25,7 @@ references:
disa: CCI-002223
nist: AC-6 (1)
pcidss: Req-8.7
- pcidss4: "7.2.6"
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232120
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/gshadow-", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml
index 02dbc6b10d2..65d5b9497a9 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml
@@ -26,9 +26,7 @@ references:
disa: CCI-002223
nist: AC-6 (1)
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232140
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/passwd-", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml
index 3c307286939..9014961478b 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml
@@ -26,9 +26,7 @@ references:
disa: CCI-002223
nist: AC-6 (1)
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232160
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/shadow-", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml
index 1134fb66744..fa791f7dd31 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml
@@ -33,9 +33,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232090
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/group", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml
index 5db3f8cc2cf..6bcf5e4247d 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml
@@ -32,7 +32,6 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232110
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/gshadow", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml
index 07cc30a9699..818b30b2b62 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml
@@ -33,9 +33,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232130
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/passwd", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml
index bc4fe7959b9..b796ed2bc76 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml
@@ -36,9 +36,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232150
ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/shadow", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml
index 3e397232548..536cb651c6a 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml
@@ -27,9 +27,7 @@ references:
disa: CCI-002223
nist: AC-6 (1)
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232060
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/group-", perms="-rw-r--r--") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml
index 215cf550dcf..81e55625b87 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml
@@ -34,7 +34,6 @@ references:
disa: CCI-002223
nist: AC-6 (1)
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232070
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/gshadow-", perms=target_perms) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml
index 3118c1e6f93..046f971d48d 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml
@@ -27,9 +27,7 @@ references:
disa: CCI-002223
nist: AC-6 (1)
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232080
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/passwd-", perms="-rw-r--r--") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml
index 565f0245089..a36b7e267ad 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml
@@ -35,9 +35,7 @@ references:
disa: CCI-002223
nist: AC-6 (1)
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232085
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/shadow-", perms=target_perms) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml
index 84dd2a775b1..8ff1e74e79c 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml
@@ -34,9 +34,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232055
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/group", perms="-rw-r--r--") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml
index c4c1afeb654..69061c28bca 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml
@@ -41,7 +41,6 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232065
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/gshadow", perms=target_perms) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml
index 330c34bfd1a..37da6682147 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml
@@ -36,9 +36,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232075
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/passwd", perms="-rw-r--r--") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml
index ec264f4e898..15e54252086 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml
@@ -45,9 +45,7 @@ references:
nist: CM-6(a),AC-6(1)
nist-csf: PR.AC-4,PR.DS-5
pcidss: Req-8.7.c
- pcidss4: '2.2.6'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-232270
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/shadow", perms=target_perms) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml
index be02278c915..ad4a197cfec 100644
--- a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml
@@ -37,7 +37,6 @@ references:
disa: CCI-001312
nist: SI-11(a),SI-11(b),SI-11.1(iii)
nist-csf: PR.AC-4,PR.DS-5
- pcidss4: '10.3.1'
srg: SRG-OS-000205-GPOS-00083
stigid@sle15: SLES-15-010340
stigid@ubuntu2004: UBTU-20-010416
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
index 8c520480664..aff9b4912e2 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
stigid@ol8: OL08-00-010260
stigid@rhel8: RHEL-08-010260
- stigid@rhel9: RHEL-09-232175
stigid@ubuntu2004: UBTU-20-010417
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log", group=gid) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
index 8e4b7d00c53..797bfafc393 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
@@ -19,7 +19,6 @@ references:
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010230
stigid@rhel8: RHEL-08-010230
- stigid@rhel9: RHEL-09-232185
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log/messages", group="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
index 5870e7e270c..f81fce93ec7 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
@@ -21,7 +21,6 @@ references:
srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
stigid@ol8: OL08-00-010250
stigid@rhel8: RHEL-08-010250
- stigid@rhel9: RHEL-09-232170
stigid@ubuntu2004: UBTU-20-010418
ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
index a286eff798e..f0d63e3617d 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
@@ -19,7 +19,6 @@ references:
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010220
stigid@rhel8: RHEL-08-010220
- stigid@rhel9: RHEL-09-232180
ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log/messages", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
index abf9a202e49..d410e306421 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
@@ -22,7 +22,6 @@ references:
srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
stigid@ol8: OL08-00-010240
stigid@rhel8: RHEL-08-010240
- stigid@rhel9: RHEL-09-232025
stigid@ubuntu2004: UBTU-20-010419
ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log", perms="drwxr-xr-x") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
index b92a282820a..d0cded9af7a 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
@@ -20,7 +20,6 @@ references:
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010210
stigid@rhel8: RHEL-08-010210
- stigid@rhel9: RHEL-09-232030
ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log/messages", perms="-rw-r-----") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
index 6b98f1d5137..024cba28940 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
@@ -39,7 +39,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010351
stigid@rhel8: RHEL-08-010351
- stigid@rhel9: RHEL-09-232215
stigid@sle12: SLES-12-010876
stigid@sle15: SLES-15-010356
stigid@ubuntu2004: UBTU-20-010431
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
index d69dcf07e9e..c5d67497f83 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
@@ -38,7 +38,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010341
stigid@rhel8: RHEL-08-010341
- stigid@rhel9: RHEL-09-232210
stigid@sle12: SLES-12-010874
stigid@sle15: SLES-15-010354
stigid@ubuntu2004: UBTU-20-010429
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
index 5e9aeae2b8e..68230eb4b07 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
@@ -45,7 +45,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010331
stigid@rhel8: RHEL-08-010331
- stigid@rhel9: RHEL-09-232015
stigid@sle12: SLES-12-010872
stigid@sle15: SLES-15-010352
stigid@ubuntu2004: UBTU-20-010427
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
index 57435e380b8..e05290f46f2 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
@@ -45,7 +45,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010320
stigid@rhel8: RHEL-08-010320
- stigid@rhel9: RHEL-09-232195
stigid@sle12: SLES-12-010882
stigid@sle15: SLES-15-010361
stigid@ubuntu2004: UBTU-20-010458
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
index 7350927874e..5854f5308ff 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
@@ -44,7 +44,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010310
stigid@rhel8: RHEL-08-010310
- stigid@rhel9: RHEL-09-232190
stigid@sle12: SLES-12-010879
stigid@sle15: SLES-15-010359
stigid@ubuntu2004: UBTU-20-010457
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
index c02b4c8964e..bc1f3caff06 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
@@ -45,7 +45,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010340
stigid@rhel8: RHEL-08-010340
- stigid@rhel9: RHEL-09-232200
stigid@sle12: SLES-12-010873
stigid@sle15: SLES-15-010353
stigid@ubuntu2004: UBTU-20-010428
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
index 2a3e521fa79..aed33a4940c 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
@@ -44,7 +44,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010300
stigid@rhel8: RHEL-08-010300
- stigid@rhel9: RHEL-09-232010
stigid@sle12: SLES-12-010878
stigid@sle15: SLES-15-010358
stigid@ubuntu2004: UBTU-20-010456
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
index 12d8448a772..f497a602af1 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
@@ -45,7 +45,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010330
stigid@rhel8: RHEL-08-010330
- stigid@rhel9: RHEL-09-232020
stigid@sle12: SLES-12-010871
stigid@sle15: SLES-15-010351
stigid@ubuntu2004: UBTU-20-010426
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
index db7cf42de40..1a618dbd5e8 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
@@ -43,7 +43,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010350
stigid@rhel8: RHEL-08-010350
- stigid@rhel9: RHEL-09-232205
stigid@sle12: SLES-12-010875
stigid@sle15: SLES-15-010355
stigid@ubuntu2004: UBTU-20-010430
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
index 6a00d4426f5..700a0395c98 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
@@ -27,7 +27,6 @@ references:
srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000324-GPOS-00125
stigid@ol8: OL08-00-010374
stigid@rhel8: RHEL-08-010374
- stigid@rhel9: RHEL-09-213030
{{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_hardlinks", value="1") }}}
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
index 83114ea9f86..71e64e91ad0 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
@@ -29,7 +29,6 @@ references:
srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000324-GPOS-00125
stigid@ol8: OL08-00-010373
stigid@rhel8: RHEL-08-010373
- stigid@rhel9: RHEL-09-213035
{{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_symlinks", value="1") }}}
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
index b9ecec35c82..bf2db68f442 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
@@ -46,7 +46,6 @@ references:
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040025
stigid@rhel8: RHEL-08-040025
- stigid@rhel9: RHEL-09-231195
{{{ complete_ocil_entry_module_disable(module="cramfs") }}}
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
index 7eebf6f0e3c..1d78680149b 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
@@ -29,7 +29,6 @@ identifiers:
cce@sle15: CCE-92452-2
references:
- ccn@rhel9: A.8.SEC-RHEL4
cis-csc: 11,14,3,9
cis@sle12: 1.1.1.1
cis@sle15: 1.1.1.1
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
index 4901b89866a..23c9387fd95 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
@@ -30,7 +30,6 @@ identifiers:
cce@sle15: CCE-92453-0
references:
- ccn@rhel9: A.8.SEC-RHEL4
cis-csc: 11,14,3,9
cis@sle12: 1.1.1.2
cis@sle15: 1.1.1.2
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
index 95b86092335..be55b136b64 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
@@ -26,7 +26,6 @@ identifiers:
cce@sle15: CCE-83294-9
references:
- ccn@rhel9: A.15.SEC-RHEL1
cis-csc: 1,12,15,16,5
cis@sle12: 1.1.23
cis@sle15: 1.1.23
@@ -41,13 +40,11 @@ references:
iso27001-2013: A.11.2.6,A.13.1.1,A.13.2.1,A.18.1.4,A.6.2.1,A.6.2.2,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
nist: CM-7(a),CM-7(b),CM-6(a),MP-7
nist-csf: PR.AC-1,PR.AC-3,PR.AC-6,PR.AC-7
- pcidss4: '3.4.2'
srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227,SRG-APP-000141-CTR-000315
stigid@ol7: OL07-00-020100
stigid@ol8: OL08-00-040080
stigid@rhel7: RHEL-07-020100
stigid@rhel8: RHEL-08-040080
- stigid@rhel9: RHEL-09-291010
stigid@sle12: SLES-12-010580
stigid@sle15: SLES-15-010480
stigid@ubuntu2004: UBTU-20-010461
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
index 2578199ee00..1c010dfcdbf 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
@@ -52,7 +52,6 @@ references:
stigid@ol8: OL08-00-040070
stigid@rhel7: RHEL-07-020110
stigid@rhel8: RHEL-08-040070
- stigid@rhel9: RHEL-09-231040
stigid@sle12: SLES-12-010590
stigid@sle15: SLES-15-010240
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
index 1142ad726db..d9662e1ea0c 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
@@ -27,7 +27,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010572
stigid@rhel8: RHEL-08-010572
- stigid@rhel9: RHEL-09-231105
platform: machine and uefi
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
index c02e68ebd76..72b0ff46d54 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
@@ -29,7 +29,6 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
- stigid@rhel9: RHEL-09-231095
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
index fa707e3a0b5..1bb39096e5d 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
@@ -32,7 +32,6 @@ references:
srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010571
stigid@rhel8: RHEL-08-010571
- stigid@rhel9: RHEL-09-231100
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
index a0d81048675..8f73d51d706 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
@@ -44,7 +44,6 @@ references:
stigid@ol8: OL08-00-040120
stigid@rhel7: RHEL-07-021024
stigid@rhel8: RHEL-08-040120
- stigid@rhel9: RHEL-09-231110
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
index 98180e5f405..03bc693177d 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
@@ -46,7 +46,6 @@ references:
stigid@ol8: OL08-00-040122
stigid@rhel7: RHEL-07-021024
stigid@rhel8: RHEL-08-040122
- stigid@rhel9: RHEL-09-231115
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
index 5a59ba11010..c3c461062f9 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
@@ -44,7 +44,6 @@ references:
stigid@ol8: OL08-00-040121
stigid@rhel7: RHEL-07-021024
stigid@rhel8: RHEL-08-040121
- stigid@rhel9: RHEL-09-231120
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
index 4643938de12..4eeeeb70171 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
@@ -34,7 +34,6 @@ references:
cis@ubuntu2004: 1.1.18
cis@ubuntu2204: 1.1.7.2
srg: SRG-OS-000368-GPOS-00154
- stigid@rhel9: RHEL-09-231045
platform: machine and mount[home]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
index 168a9d9ccf5..1e498336154 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010590
stigid@rhel8: RHEL-08-010590
- stigid@rhel9: RHEL-09-231055
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
index bd6bbce219f..459a0e374ad 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
@@ -38,7 +38,6 @@ references:
stigid@ol8: OL08-00-010570
stigid@rhel7: RHEL-07-021000
stigid@rhel8: RHEL-08-010570
- stigid@rhel9: RHEL-09-231050
stigid@sle12: SLES-12-010790
stigid@sle15: SLES-15-040140
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
index fca19b0e23d..3726a39ace8 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
@@ -46,7 +46,6 @@ references:
srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010580
stigid@rhel8: RHEL-08-010580
- stigid@rhel9: RHEL-09-231200
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
index 0953a8494a2..af40d2c2b86 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
@@ -43,7 +43,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010600
stigid@rhel8: RHEL-08-010600
- stigid@rhel9: RHEL-09-231085
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
index 96823f8b672..dac1e7d7957 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
@@ -40,7 +40,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010610
stigid@rhel8: RHEL-08-010610
- stigid@rhel9: RHEL-09-231080
ocil_clause: 'removable media partitions are present'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
index 19fc990dbb9..8b2c88bfffc 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
@@ -44,7 +44,6 @@ references:
stigid@ol8: OL08-00-010620
stigid@rhel7: RHEL-07-021010
stigid@rhel8: RHEL-08-010620
- stigid@rhel9: RHEL-09-231090
stigid@sle12: SLES-12-010800
stigid@sle15: SLES-15-040150
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
index c88a840ad83..9338aedd271 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
@@ -42,7 +42,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040123
stigid@rhel8: RHEL-08-040123
- stigid@rhel9: RHEL-09-231125
platform: machine and mount[tmp]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
index db7201585ec..56c79354da5 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
@@ -41,7 +41,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040125
stigid@rhel8: RHEL-08-040125
- stigid@rhel9: RHEL-09-231130
platform: machine and mount[tmp]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
index ed62bd1ea9e..08290929120 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
@@ -42,7 +42,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040124
stigid@rhel8: RHEL-08-040124
- stigid@rhel9: RHEL-09-231135
platform: machine and mount[tmp]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
index ca149e388b0..ea4dd8c7416 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
@@ -33,7 +33,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040129
stigid@rhel8: RHEL-08-040129
- stigid@rhel9: RHEL-09-231160
platform: machine and mount[var-log-audit]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
index ee508b497ad..fce0aef7c4d 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
@@ -31,7 +31,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040131
stigid@rhel8: RHEL-08-040131
- stigid@rhel9: RHEL-09-231165
platform: machine and mount[var-log-audit]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
index db1c800b376..e891b54f6ac 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
@@ -32,7 +32,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040130
stigid@rhel8: RHEL-08-040130
- stigid@rhel9: RHEL-09-231170
platform: machine and mount[var-log-audit]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
index 387f69fae24..ecd4d94eb32 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
@@ -33,7 +33,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040126
stigid@rhel8: RHEL-08-040126
- stigid@rhel9: RHEL-09-231145
platform: machine and mount[var-log]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
index 46a2fc28040..6aa87c2ac05 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
@@ -33,7 +33,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040128
stigid@rhel8: RHEL-08-040128
- stigid@rhel9: RHEL-09-231150
platform: machine and mount[var-log]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
index 5b172b6e281..488af6a67b8 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
@@ -34,7 +34,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040127
stigid@rhel8: RHEL-08-040127
- stigid@rhel9: RHEL-09-231155
platform: machine and mount[var-log]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
index a900a1d6923..76d0efeb960 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
@@ -30,7 +30,6 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
- stigid@rhel9: RHEL-09-231140
platform: machine and mount[var]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
index 3ddc9b4fbfc..ea4ee4dec99 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
@@ -35,7 +35,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040132
stigid@rhel8: RHEL-08-040132
- stigid@rhel9: RHEL-09-231175
platforms:
- machine and mount[var-tmp]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
index 1ff95747d3e..d0bf35fb921 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
@@ -35,7 +35,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040134
stigid@rhel8: RHEL-08-040134
- stigid@rhel9: RHEL-09-231180
platform: machine and mount[var-tmp]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
index 3241cc5ac00..13f644ccc9d 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
@@ -35,7 +35,6 @@ references:
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040133
stigid@rhel8: RHEL-08-040133
- stigid@rhel9: RHEL-09-231185
platform: machine and mount[var-tmp]
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
index 117cf17b532..c1cc421f4a3 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
@@ -37,11 +37,9 @@ references:
nist: CM-6
ospp: FMT_SMF_EXT.1
pcidss: Req-3.2
- pcidss4: '3.3.1'
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010675
stigid@rhel8: RHEL-08-010675
- stigid@rhel9: RHEL-09-213085
ocil_clause: 'the "ProcessSizeMax" item is missing, commented out, or the value is anything other than "0" and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core" item assigned'
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
index d00c15ccd90..c025dcf1f8f 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
@@ -37,11 +37,9 @@ references:
nist: CM-6
ospp: FMT_SMF_EXT.1
pcidss: Req-3.2
- pcidss4: '3.3.1'
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010674
stigid@rhel8: RHEL-08-010674
- stigid@rhel9: RHEL-09-213090
ocil_clause: Storage is not set to none or is commented out and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core" item assigned
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
index 1babd37b333..92b9cc0040d 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
@@ -36,11 +36,9 @@ references:
iso27001-2013: A.12.1.3,A.17.2.1
nist: CM-6,SC-7(10)
nist-csf: DE.CM-1,PR.DS-4
- pcidss4: '3.3.1'
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010673
stigid@rhel8: RHEL-08-010673
- stigid@rhel9: RHEL-09-213095
ocil_clause: 'the "core" item is missing, commented out, or the value is anything other than "0" and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core"'
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
index 5f34c7ff963..ce94d2c8f1c 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
@@ -29,7 +29,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010672
stigid@rhel8: RHEL-08-010672
- stigid@rhel9: RHEL-09-213100
ocil_clause: unit systemd-coredump.socket is not masked or running
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml
index 0e5dce8093a..5a66c9530c5 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml
@@ -21,14 +21,12 @@ identifiers:
cce@sle15: CCE-91447-3
references:
- ccn@rhel9: A.8.SEC-RHEL6
cis@sle12: 1.6.1
cis@sle15: 1.6.1
cis@ubuntu2004: 1.6.4
cis@ubuntu2204: 1.5.4
hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3),164.308(a)(4),164.310(b),164.310(c),164.312(a),164.312(e)
nist: SI-11(a),SI-11(b)
- pcidss4: '3.3.1'
{{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.suid_dumpable", value="0") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
index 7baf9312564..92dc9907df0 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
@@ -45,7 +45,6 @@ references:
nist: SC-39,CM-6(a)
nist-csf: PR.PT-4
srg: SRG-OS-000433-GPOS-00192
- stigid@rhel9: RHEL-09-213110
ocil_clause: 'ExecShield is not supported by the hardware, is not enabled, or has been disabled by the kernel configuration.'
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
index 9a8a45e5d33..5c72d139fd2 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
@@ -28,7 +28,6 @@ references:
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000433-GPOS-00192,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040283
stigid@rhel8: RHEL-08-040283
- stigid@rhel9: RHEL-09-213025
stigid@sle12: SLES-12-030320
stigid@sle15: SLES-15-010540
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
index e932da894b6..0c11fb5073e 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
@@ -33,13 +33,11 @@ references:
nerc-cip: CIP-002-5 R1.1,CIP-002-5 R1.2,CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 4.1,CIP-004-6 4.2,CIP-004-6 R2.2.3,CIP-004-6 R2.2.4,CIP-004-6 R2.3,CIP-004-6 R4,CIP-005-6 R1,CIP-005-6 R1.1,CIP-005-6 R1.2,CIP-007-3 R3,CIP-007-3 R3.1,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.1.3,CIP-007-3 R5.2.1,CIP-007-3 R5.2.3,CIP-007-3 R8.4,CIP-009-6 R.1.1,CIP-009-6 R4
nist: SC-30,SC-30(2),CM-6(a)
pcidss: Req-2.2.1
- pcidss4: '3.3.1'
srg: SRG-OS-000433-GPOS-00193,SRG-OS-000480-GPOS-00227,SRG-APP-000450-CTR-001105
stigid@ol7: OL07-00-040201
stigid@ol8: OL08-00-010430
stigid@rhel7: RHEL-07-040201
stigid@rhel8: RHEL-08-010430
- stigid@rhel9: RHEL-09-213070
stigid@sle12: SLES-12-030330
stigid@sle15: SLES-15-010550
stigid@ubuntu2004: UBTU-20-010448
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
index 0c078dd88c0..74f85aafdfa 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
@@ -35,7 +35,6 @@ references:
iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4
nist: SC-39,CM-6(a)
nist-csf: PR.IP-1
- pcidss4: "2.2.1"
srg: SRG-OS-000433-GPOS-00192,SRG-APP-000450-CTR-001105
stigid@ol8: OL08-00-010420
stigid@rhel8: RHEL-08-010420
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
index ff1cd725f1b..a8624717ad0 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
@@ -38,7 +38,6 @@ references:
iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4
nist: CM-6(a)
nist-csf: PR.IP-1
- pcidss4: "2.2.1"
warnings:
- hardware: |-
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
index c714236de24..19d939209a5 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
@@ -29,7 +29,6 @@ references:
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010421
stigid@rhel8: RHEL-08-010421
- stigid@rhel9: RHEL-09-212040
ocil_clause: 'page allocator poisoning is not enabled'
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
index b06a8795be9..2908f92129f 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
@@ -29,7 +29,6 @@ references:
srg: SRG-OS-000433-GPOS-00192,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010423
stigid@rhel8: RHEL-08-010423
- stigid@rhel9: RHEL-09-212045
ocil_clause: 'SLUB/SLAB poisoning is not enabled'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
index abcf132fd2a..ebebdebb1ce 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
@@ -26,11 +26,9 @@ references:
disa: CCI-000366
nist: SC-7(10)
ospp: FMT_SMF_EXT.1
- pcidss4: '3.3.1'
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010671
stigid@rhel8: RHEL-08-010671
- stigid@rhel9: RHEL-09-213040
ocil_clause: |-
the returned line does not have a value of "|/bin/false", or a line is not
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
index 8b1982ce3b3..bbdc36a61f1 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
@@ -29,7 +29,6 @@ references:
stigid@ol8: OL08-00-010375
stigid@rhel7: RHEL-07-010375
stigid@rhel8: RHEL-08-010375
- stigid@rhel9: RHEL-09-213010
stigid@sle12: SLES-12-010375
stigid@sle15: SLES-15-010375
stigid@ubuntu2004: UBTU-20-010401
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
index d666f6ad1d3..7950162d8f5 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
@@ -23,7 +23,6 @@ references:
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000366-GPOS-00153
stigid@ol8: OL08-00-010372
stigid@rhel8: RHEL-08-010372
- stigid@rhel9: RHEL-09-213020
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kexec_load_disabled", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
index aad9da84e64..a35a76356f6 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
@@ -25,7 +25,6 @@ references:
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069,SRG-APP-000243-CTR-000600
stigid@ol8: OL08-00-010376
stigid@rhel8: RHEL-08-010376
- stigid@rhel9: RHEL-09-213015
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.perf_event_paranoid", value="2") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
index e71cfe687e9..7fe35df14a5 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
@@ -24,7 +24,6 @@ references:
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040281
stigid@rhel8: RHEL-08-040281
- stigid@rhel9: RHEL-09-213075
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.unprivileged_bpf_disabled", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
index 4ae9d356187..5e169c50500 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
@@ -27,7 +27,6 @@ references:
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040282
stigid@rhel8: RHEL-08-040282
- stigid@rhel9: RHEL-09-213080
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.yama.ptrace_scope", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
index 868a57710b1..8b23c9a3ea5 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
@@ -24,7 +24,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040286
stigid@rhel8: RHEL-08-040286
- stigid@rhel9: RHEL-09-251045
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.core.bpf_jit_harden", value="2") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
index 5e2508b9d18..d1af3ca195b 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
@@ -35,7 +35,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040284
stigid@rhel8: RHEL-08-040284
- stigid@rhel9: RHEL-09-213105
ocil: |
Verify that {{{ full_name }}} disables the use of user namespaces with the following commands:
diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
index 85527a22524..4570d970ad9 100644
--- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
@@ -24,7 +24,6 @@ identifiers:
cce@sle15: CCE-91443-2
references:
- ccn@rhel9: A.6.SEC-RHEL1
cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9
cobit5: APO01.06,APO11.04,APO13.01,BAI03.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06,MEA02.01
cui: 3.1.2,3.7.2
@@ -36,7 +35,6 @@ references:
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.2.3,CIP-004-6 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3
nist: AC-3,AC-3(3)(a)
nist-csf: DE.AE-1,ID.AM-3,PR.AC-4,PR.AC-5,PR.AC-6,PR.DS-5,PR.PT-1,PR.PT-3,PR.PT-4
- pcidss4: '1.2.6'
platform: grub2
diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
index 6fb4e863376..5c470d72fd8 100644
--- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
@@ -20,9 +20,6 @@ identifiers:
cce@rhel9: CCE-84069-4
cce@sle15: CCE-92490-2
-references:
- ccn@rhel9: A.6.SEC-RHEL1
- pcidss4: '1.2.6'
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
index d07729af4ce..190ba71bf1f 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
@@ -18,7 +18,6 @@ identifiers:
references:
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-431030
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
index c9bddfefc24..40f37f68e60 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
@@ -32,7 +32,6 @@ references:
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010171
stigid@rhel8: RHEL-08-010171
- stigid@rhel9: RHEL-09-431025
ocil_clause: 'the policycoreutils package is not installed'
diff --git a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
index 0c202be77d5..28b2ad0e9a4 100644
--- a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
@@ -40,7 +40,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-020900
stigid@rhel7: RHEL-07-020900
- stigid@rhel9: RHEL-09-232260
ocil_clause: 'there is output'
diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
index a2b929732a8..d59d090adcb 100644
--- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
@@ -37,7 +37,6 @@ references:
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: CM-7(a),CM-7(b),CM-6(a),AC-3(3)(a),AC-6
nist-csf: PR.AC-4,PR.DS-5,PR.IP-1,PR.PT-1,PR.PT-3
- pcidss4: '1.2.6'
ocil_clause: 'There are unconfined daemons running on the system'
diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
index d816779df29..1899fe42223 100644
--- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
@@ -35,7 +35,6 @@ identifiers:
cce@sle15: CCE-91445-7
references:
- ccn@rhel9: A.6.SEC-RHEL1
cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9
cobit5: APO01.06,APO11.04,APO13.01,BAI03.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06,MEA02.01
cui: 3.1.2,3.7.2
@@ -47,13 +46,11 @@ references:
nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.2,CIP-003-8 R5.3,CIP-004-6 R2.2.3,CIP-004-6 R2.3,CIP-004-6 R3.3,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3,CIP-007-3 R6.5
nist: AC-3,AC-3(3)(a),AU-9,SC-7(21)
nist-csf: DE.AE-1,ID.AM-3,PR.AC-4,PR.AC-5,PR.AC-6,PR.DS-5,PR.PT-1,PR.PT-3,PR.PT-4
- pcidss4: '1.2.6'
srg: SRG-OS-000445-GPOS-00199,SRG-APP-000233-CTR-000585
stigid@ol7: OL07-00-020220
stigid@ol8: OL08-00-010450
stigid@rhel7: RHEL-07-020220
stigid@rhel8: RHEL-08-010450
- stigid@rhel9: RHEL-09-431015
ocil_clause: 'the loaded policy name is not "{{{ xccdf_value("var_selinux_policy_name") }}}"'
diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml
index e377ce854f9..7506764380a 100644
--- a/linux_os/guide/system/selinux/selinux_state/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_state/rule.yml
@@ -28,7 +28,6 @@ identifiers:
cce@sle15: CCE-91446-5
references:
- ccn@rhel9: A.6.SEC-RHEL1
cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9
cobit5: APO01.06,APO11.04,APO13.01,BAI03.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06,MEA02.01
cui: 3.1.2,3.7.2
@@ -45,7 +44,6 @@ references:
stigid@ol8: OL08-00-010170
stigid@rhel7: RHEL-07-020210
stigid@rhel8: RHEL-08-010170
- stigid@rhel9: RHEL-09-431010
ocil_clause: 'SELINUX is not set to enforcing'
diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
index 3c73b4cdee9..340b76d1a6a 100644
--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
@@ -61,7 +61,6 @@ identifiers:
cce@sle15: CCE-85719-3
references:
- ccn@rhel9: A.25.SEC-RHEL1,A.25.SEC-RHEL2
cis-csc: 13,14
cobit5: APO01.06,BAI02.01,BAI06.01,DSS04.07,DSS05.03,DSS05.04,DSS05.07,DSS06.02,DSS06.06
cui: 3.13.16
@@ -77,7 +76,6 @@ references:
srg: SRG-OS-000405-GPOS-00184,SRG-OS-000185-GPOS-00079,SRG-OS-000404-GPOS-00183
stigid@ol8: OL08-00-010030
stigid@rhel8: RHEL-08-010030
- stigid@rhel9: RHEL-09-231190
stigid@sle12: SLES-12-010450
stigid@sle15: SLES-15-010330
stigid@ubuntu2004: UBTU-20-010414
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
index a6bab16a7a2..af2323216e7 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
@@ -42,7 +42,6 @@ references:
stigid@ol8: OL08-00-010800
stigid@rhel7: RHEL-07-021310
stigid@rhel8: RHEL-08-010800
- stigid@rhel9: RHEL-09-231010
stigid@sle12: SLES-12-010850
stigid@sle15: SLES-15-040200
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
index ad21efea283..7256a515b6f 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
@@ -39,7 +39,6 @@ references:
stigid@ol8: OL08-00-010543
stigid@rhel7: RHEL-07-021340
stigid@rhel8: RHEL-08-010543
- stigid@rhel9: RHEL-09-231015
{{{ complete_ocil_entry_separate_partition(part="/tmp") }}}
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
index bf23f80db24..e81fc09419e 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
@@ -41,7 +41,6 @@ references:
stigid@ol8: OL08-00-010540
stigid@rhel7: RHEL-07-021320
stigid@rhel8: RHEL-08-010540
- stigid@rhel9: RHEL-09-231020
stigid@sle12: SLES-12-010860
stigid@sle15: SLES-15-040210
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
index 1811a978433..04890f4b835 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
@@ -39,7 +39,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010541
stigid@rhel8: RHEL-08-010541
- stigid@rhel9: RHEL-09-231025
{{{ complete_ocil_entry_separate_partition(part="/var/log") }}}
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
index eb9fdf318af..e874b23cf8a 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
@@ -47,7 +47,6 @@ references:
stigid@ol8: OL08-00-010542
stigid@rhel7: RHEL-07-021330
stigid@rhel8: RHEL-08-010542
- stigid@rhel9: RHEL-09-231030
stigid@sle12: SLES-12-010870
stigid@sle15: SLES-15-030810
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
index 7866aa7a556..65e4fed4dd3 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
@@ -32,7 +32,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010544
stigid@rhel8: RHEL-08-010544
- stigid@rhel9: RHEL-09-231035
{{{ complete_ocil_entry_separate_partition(part="/var/tmp") }}}
diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
index ad75303f9d3..3f47d38ccbe 100644
--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
@@ -27,14 +27,11 @@ identifiers:
cce@sle15: CCE-83288-1
references:
- ccn@rhel9: A.11.SEC-RHEL4
cis@sle12: '1.10'
cis@sle15: '1.10'
hipaa: 164.308(a)(1)(ii)(B),164.308(a)(5)(ii)(A)
pcidss: Req-6.2
- pcidss4: '8.2.8'
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-271090
stigid@sle12: SLES-12-010040
stigid@sle15: SLES-15-010090
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
index 64bc76b5dbc..b316ab55bc2 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
@@ -42,7 +42,6 @@ references:
nist: CM-6(a),AC-6(1),CM-7(b)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-271095,RHEL-09-271100
ocil_clause: 'disable-restart-buttons has not been configured or is not disabled'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
index 7e2666ce653..4cca435a661 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
@@ -34,7 +34,6 @@ identifiers:
cce@sle15: CCE-92520-6
references:
- ccn@rhel9: A.11.SEC-RHEL9
cis@sle12: '1.10'
cis@sle15: '1.10'
cis@ubuntu2004: '1.10'
@@ -45,7 +44,6 @@ references:
stigid@ol8: OL08-00-020032
stigid@rhel7: RHEL-07-010063
stigid@rhel8: RHEL-08-020032
- stigid@rhel9: RHEL-09-271115
ocil_clause: 'disable-user-list has not been configured or is not disabled'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
index 640a61e516e..72feb1469e5 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
@@ -33,7 +33,6 @@ references:
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020050
stigid@rhel8: RHEL-08-020050
- stigid@rhel9: RHEL-09-271045,RHEL-09-271050
ocil_clause: 'removal-action has not been configured'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
index 99bc0c87881..73002177c26 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
@@ -34,13 +34,11 @@ references:
nist: CM-6(a),AC-6(1),CM-7(b)
nist-csf: PR.IP-1
ospp: FIA_UAU.1
- pcidss4: '8.3.1'
srg: SRG-OS-000480-GPOS-00229
stigid@ol7: OL07-00-010440
stigid@ol8: OL08-00-010820
stigid@rhel7: RHEL-07-010440
stigid@rhel8: RHEL-08-010820
- stigid@rhel9: RHEL-09-271040
ocil_clause: 'GDM allows users to automatically login'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
index 455ad18e563..a014c8053ad 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
@@ -33,7 +33,6 @@ references:
nist: CM-7(a),CM-7(b),CM-6(a),IA-2
nist-csf: PR.IP-1
ospp: FIA_UAU.1
- pcidss4: '8.3.1'
srg: SRG-OS-000480-GPOS-00229
stigid@ol7: OL07-00-010450
stigid@rhel7: RHEL-07-010450
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml
index d9541dd63c6..641b4aa3fdb 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml
@@ -26,7 +26,6 @@ identifiers:
references:
disa: CCI-000366
nist: CM-6(b),CM-6.1(iv)
- pcidss4: '8.3.1'
srg: SRG-OS-000480-GPOS-00229
stigid@sle12: SLES-12-010380
stigid@sle15: SLES-15-040430
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
index f64d688dbd2..16b727a34c5 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
@@ -31,7 +31,6 @@ identifiers:
cce@rhel9: CCE-87734-0
references:
- ccn@rhel9: A.11.SEC-RHEL12
cis-csc: 12,16
cis@ubuntu2204: 1.8.6
cobit5: APO13.01,DSS01.04,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.03
@@ -42,7 +41,6 @@ references:
iso27001-2013: A.11.2.6,A.13.1.1,A.13.2.1,A.6.2.1,A.6.2.2,A.7.1.1,A.9.2.1
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.AC-3,PR.AC-6
- pcidss4: '3.4.2'
srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-020111
stigid@rhel7: RHEL-07-020111
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
index 407d6071ae6..e96590e6b4c 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
@@ -32,7 +32,6 @@ identifiers:
cce@rhel9: CCE-90128-0
references:
- ccn@rhel9: A.11.SEC-RHEL12
cis-csc: 12,16
cis@ubuntu2204: 1.8.6
cobit5: APO13.01,DSS01.04,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.03
@@ -43,11 +42,9 @@ references:
iso27001-2013: A.11.2.6,A.13.1.1,A.13.2.1,A.6.2.1,A.6.2.2,A.7.1.1,A.9.2.1
nist: CM-7(a),CM-7(b),CM-6(a)
nist-csf: PR.AC-3,PR.AC-6
- pcidss4: '3.4.2'
srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-020111
stigid@rhel7: RHEL-07-020111
- stigid@rhel9: RHEL-09-271020,RHEL-09-271025
ocil_clause: 'GNOME automounting is not disabled'
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
index ada9397b113..3e08f2c9c51 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
@@ -32,7 +32,6 @@ identifiers:
cce@rhel9: CCE-90257-7
references:
- ccn@rhel9: A.11.SEC-RHEL12
cis-csc: 12,16
cis@ubuntu2204: 1.8.8
cobit5: APO13.01,DSS01.04,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.03
@@ -46,7 +45,6 @@ references:
srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-020111
stigid@rhel7: RHEL-07-020111
- stigid@rhel9: RHEL-09-271030,RHEL-09-271035
ocil_clause: 'GNOME autorun is not disabled'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
index 04327029bdb..a3fa8f1b0db 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
@@ -50,7 +50,6 @@ references:
nist-csf: PR.AC-7
ospp: FMT_MOF_EXT.1
pcidss: Req-8.1.8
- pcidss4: "8.2.8"
srg: SRG-OS-000029-GPOS-00010
stigid@ol7: OL07-00-010100
stigid@rhel7: RHEL-07-010100
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
index bdb252c75db..4eabf4c0e5f 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
@@ -30,7 +30,6 @@ identifiers:
cce@sle15: CCE-85669-0
references:
- ccn@rhel9: A.11.SEC-RHEL7
cis-csc: 1,12,15,16
cjis: 5.5.5
cobit5: DSS05.04,DSS05.10,DSS06.10
@@ -45,13 +44,11 @@ references:
nist@sle15: AC-11(a),AC-11.1 (ii)
ospp: FMT_MOF_EXT.1
pcidss: Req-8.1.8
- pcidss4: "8.2.8"
srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012
stigid@ol7: OL07-00-010070
stigid@ol8: OL08-00-020060
stigid@rhel7: RHEL-07-010070
stigid@rhel8: RHEL-08-020060
- stigid@rhel9: RHEL-09-271065
stigid@sle12: SLES-12-010080
stigid@sle15: SLES-15-010120
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
index 5953dab9cb4..7f941c056cb 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
@@ -24,7 +24,6 @@ identifiers:
cce@rhel9: CCE-86954-5
references:
- ccn@rhel9: A.11.SEC-RHEL7
cis-csc: 1,12,15,16
cis@ubuntu2204: 1.8.5
cobit5: DSS05.04,DSS05.10,DSS06.10
@@ -37,13 +36,11 @@ references:
nist-csf: PR.AC-7
ospp: FMT_MOF_EXT.1
pcidss: Req-8.1.8
- pcidss4: '8.2.8'
srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012
stigid@ol7: OL07-00-010110
stigid@ol8: OL08-00-020031
stigid@rhel7: RHEL-07-010110
stigid@rhel8: RHEL-08-020031
- stigid@rhel9: RHEL-09-271075
ocil_clause: 'the screensaver lock delay is missing, or is set to a value greater than {{{ xccdf_value("var_screensaver_lock_delay") }}}'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
index 7281b71929b..b2adc554077 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
@@ -52,13 +52,11 @@ references:
nist@sle12: AC-11(b),AC-11(a),AC-11(1),AC-11(1).1,AC-11.1(iii),AC-11
ospp: FMT_MOF_EXT.1
pcidss: Req-8.1.8
- pcidss4: "8.2.8"
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol7: OL07-00-010060
stigid@ol8: OL08-00-020030,OL08-00-020082
stigid@rhel7: RHEL-07-010060
stigid@rhel8: RHEL-08-020030
- stigid@rhel9: RHEL-09-271060,RHEL-09-271055
stigid@sle12: SLES-12-010060
stigid@sle15: SLES-15-010100
stigid@ubuntu2004: UBTU-20-010004
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
index 6cc58ceae10..b6f85481045 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
@@ -65,9 +65,7 @@ references:
nist-csf: PR.AC-7
ospp: FMT_MOF_EXT.1
pcidss: Req-8.1.8
- pcidss4: "8.2.8"
srg: SRG-OS-000031-GPOS-00012
- stigid@rhel9: RHEL-09-271085
stigid@sle12: SLES-12-010100
stigid@sle15: SLES-15-010140
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
index 2f9fb442250..c5918b5240e 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
@@ -41,7 +41,6 @@ references:
stigid@ol8: OL08-00-020080
stigid@rhel7: RHEL-07-010081
stigid@rhel8: RHEL-08-020080
- stigid@rhel9: RHEL-09-271080
ocil_clause: 'GNOME3 session settings are not locked or configured properly'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
index 81869ce795e..aa5afe29156 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
@@ -39,13 +39,11 @@ references:
nist-csf: PR.AC-7
ospp: FMT_MOF_EXT.1
pcidss: Req-8.1.8
- pcidss4: "8.2.8"
srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012
stigid@ol7: OL07-00-010082
stigid@ol8: OL08-00-020081
stigid@rhel7: RHEL-07-010082
stigid@rhel8: RHEL-08-020081
- stigid@rhel9: RHEL-09-271070
stigid@sle12: SLES-12-010080
stigid@sle15: SLES-15-010120
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
index 6700f053355..63893c3212a 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
@@ -47,7 +47,6 @@ references:
stigid@ol8: OL08-00-040171
stigid@rhel7: RHEL-07-020231
stigid@rhel8: RHEL-08-040171
- stigid@rhel9: RHEL-09-271105,RHEL-09-271110
stigid@ubuntu2004: UBTU-20-010459
ocil_clause: 'GNOME3 is configured to reboot when Ctrl-Alt-Del is pressed'
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
index 90d7c08b0c8..c6f87fb5b6a 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
@@ -49,7 +49,6 @@ references:
stigid@ol8: OL08-00-010000
stigid@rhel7: RHEL-07-020250
stigid@rhel8: RHEL-08-010000
- stigid@rhel9: RHEL-09-211010
stigid@sle12: SLES-12-010000
stigid@sle15: SLES-15-010000
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
index 395e7a66558..93bc87dbf3a 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
@@ -31,7 +31,6 @@ references:
srg: SRG-OS-000423-GPOS-00187,SRG-OS-000426-GPOS-00190
stigid@ol8: OL08-00-010020
stigid@rhel8: RHEL-08-010020
- stigid@rhel9: RHEL-09-672050
ocil_clause: |-
BIND is installed and the BIND config file doesn't contain the
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
index 7effabf4a4d..c065a2f5353 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
@@ -59,17 +59,14 @@ identifiers:
cce@sle15: CCE-85776-3
references:
- ccn@rhel9: A.5.SEC-RHEL4
hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.312(e)(1),164.312(e)(2)(ii)
ism: "1446"
nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1,CIP-007-3 R7.1
nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13,SC-12(2),SC-12(3)
ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1
- pcidss4: '2.2.7'
srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
stigid@ol8: OL08-00-010020
stigid@rhel8: RHEL-08-010020
- stigid@rhel9: RHEL-09-671010,RHEL-09-672030,RHEL-09-672045
ocil_clause: 'cryptographic policy is not configured or is configured incorrectly'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
index de54d7f962a..0fe42c65215 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
@@ -29,7 +29,6 @@ references:
srg: SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010020
stigid@rhel8: RHEL-08-010020
- stigid@rhel9: RHEL-09-672025
ocil_clause: 'the symlink does not exist or points to a different target'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
index f0b78257177..50a24168a7e 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
@@ -36,7 +36,6 @@ references:
srg: SRG-OS-000033-GPOS-00014
stigid@ol8: OL08-00-010020
stigid@rhel8: RHEL-08-010020
- stigid@rhel9: RHEL-09-671020
ocil_clause: |-
the "IPsec" service is active and the ipsec configuration file does not contain does not contain include /etc/crypto-policies/back-ends/libreswan.config
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
index 0f60c61d7fc..b3ef46578ec 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
@@ -45,7 +45,6 @@ references:
srg: SRG-OS-000250-GPOS-00093
stigid@ol8: OL08-00-010293
stigid@rhel8: RHEL-08-010293
- stigid@rhel9: RHEL-09-672035
ocil_clause: |-
the OpenSSL config file doesn't contain the whole section,
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
index 6fad634d723..bef94ba7e90 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
@@ -45,7 +45,6 @@ references:
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
stigid@ol8: OL08-00-010294
stigid@rhel8: RHEL-08-010294
- stigid@rhel9: RHEL-09-672040
ocil_clause: 'cryptographic policy for openssl is not configured or is configured incorrectly'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
index 7653c47e2cc..84e934e6461 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
@@ -24,18 +24,15 @@ identifiers:
cce@sle15: CCE-85795-3
references:
- ccn@rhel9: A.5.SEC-RHEL6,A.11.SEC-RHEL6
disa: CCI-001453
hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.312(e)(1),164.312(e)(2)(ii)
nerc-cip: CIP-003-8 R4.2,CIP-007-3 R5.1,CIP-007-3 R7.1
nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13
ospp: FCS_SSH_EXT.1,FCS_SSHS_EXT.1,FCS_SSHC_EXT.1
pcidss: Req-2.2
- pcidss4: '2.2.7'
srg: SRG-OS-000250-GPOS-00093
stigid@ol8: OL08-00-010287
stigid@rhel8: RHEL-08-010287
- stigid@rhel9: RHEL-09-255055
ocil_clause: 'the CRYPTO_POLICY variable is set or is not commented out in the /etc/sysconfig/sshd'
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
index d8dbff00998..f25e84f0ecc 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
@@ -32,7 +32,6 @@ references:
srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174,SRG-OS-000423-GPOS-00187
stigid@ol8: OL08-00-010020
stigid@rhel8: RHEL-08-010020
- stigid@rhel9: RHEL-09-255060
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
index 946f7e102f8..2b95e3b80ce 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
@@ -32,7 +32,6 @@ references:
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093
stigid@ol8: OL08-00-010291
stigid@rhel8: RHEL-08-010291
- stigid@rhel9: RHEL-09-255065
ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
diff --git a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
index 4d4123b006c..62d705471a7 100644
--- a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
@@ -20,7 +20,6 @@ identifiers:
references:
ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1
srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
- stigid@rhel9: RHEL-09-672010
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
index 3f8e47ab0ad..c1b5ebac2ac 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
@@ -27,7 +27,6 @@ references:
stigid@ol8: OL08-00-010001
stigid@rhel7: RHEL-07-020019
stigid@rhel8: RHEL-08-010001
- stigid@rhel9: RHEL-09-211025
ocil_clause: 'virus scanning software is not running'
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
index 97f7635ddc8..995c546611a 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
@@ -35,7 +35,6 @@ references:
stigid@ol8: OL08-00-010001
stigid@rhel7: RHEL-07-020019
stigid@rhel8: RHEL-08-010001
- stigid@rhel9: RHEL-09-211025
stigid@ubuntu2004: UBTU-20-010415
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
index 885a4044e52..047aaf28462 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
@@ -31,7 +31,6 @@ references:
srg: SRG-OS-000478-GPOS-00223
stigid@ol8: OL08-00-010020
stigid@rhel8: RHEL-08-010020
- stigid@rhel9: RHEL-09-671010
ocil_clause: 'the Dracut FIPS module is not enabled'
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
index 97898e301bf..239818829cc 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
@@ -48,7 +48,6 @@ references:
srg: SRG-OS-000478-GPOS-00223,SRG-OS-000396-GPOS-00176
stigid@ol8: OL08-00-010020
stigid@rhel8: RHEL-08-010020
- stigid@rhel9: RHEL-09-671010
ocil_clause: 'FIPS mode is not enabled'
diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
index c498e1dada8..d9372300575 100644
--- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
@@ -35,7 +35,6 @@ references:
srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174,SRG-OS-000396-GPOS-00176,SRG-OS-000423-GPOS-00187,SRG-OS-000478-GPOS-00223
stigid@ol8: OL08-00-010020
stigid@rhel8: RHEL-08-010020
- stigid@rhel9: RHEL-09-671010
ocil_clause: 'crypto.fips_enabled is not 1'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
index 6bdd197e9d8..30854edba95 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
@@ -56,7 +56,6 @@ references:
nist: CM-6(a)
nist-csf: DE.CM-1,DE.CM-7,PR.DS-1,PR.DS-6,PR.DS-8,PR.IP-1,PR.IP-3
pcidss: Req-11.5
- pcidss4: "11.5.2"
srg: SRG-OS-000445-GPOS-00199
stigid@ol7: OL07-00-020029
stigid@ol8: OL08-00-010359
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
index fc1db915489..a3d7469d5c0 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
@@ -42,7 +42,6 @@ references:
srg: SRG-OS-000278-GPOS-00108
stigid@ol8: OL08-00-030650
stigid@rhel8: RHEL-08-030650
- stigid@rhel9: RHEL-09-651025
stigid@sle12: SLES-12-010540
stigid@sle15: SLES-15-030630
stigid@ubuntu2004: UBTU-20-010205
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml
index ef6e164614c..fc22aa9a34d 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml
@@ -37,7 +37,6 @@ references:
nist-csf: DE.CM-1,DE.CM-7,PR.DS-1,PR.DS-6,PR.DS-8,PR.IP-1,PR.IP-3
nist@sle15: SI-6(d)
pcidss: Req-11.5
- pcidss4: "11.5.2"
srg: SRG-OS-000363-GPOS-00150,SRG-OS-000446-GPOS-00200,SRG-OS-000447-GPOS-00201
stigid@ol7: OL07-00-020030
stigid@rhel7: RHEL-07-020030
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
index 9248e9068dd..747662e4cc3 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
@@ -57,11 +57,9 @@ references:
nist-csf: DE.CM-1,DE.CM-7,PR.DS-1,PR.DS-6,PR.DS-8,PR.IP-1,PR.IP-3
nist@sle15: SI-6(d)
pcidss: Req-11.5
- pcidss4: "11.5.2"
srg: SRG-OS-000363-GPOS-00150,SRG-OS-000446-GPOS-00200,SRG-OS-000447-GPOS-00201
stigid@ol7: OL07-00-020030
stigid@rhel7: RHEL-07-020030
- stigid@rhel9: RHEL-09-651015
stigid@sle12: SLES-12-010500
stigid@sle15: SLES-15-010420
stigid@ubuntu2004: UBTU-20-010074
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
index 777e2eb56d0..003dda7cd8d 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
@@ -48,7 +48,6 @@ references:
stigid@ol8: OL08-00-010360
stigid@rhel7: RHEL-07-020040
stigid@rhel8: RHEL-08-010360
- stigid@rhel9: RHEL-09-651015
stigid@sle12: SLES-12-010510
stigid@sle15: SLES-15-010570
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
index b60a5d2a223..6d37a6696de 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
@@ -36,7 +36,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-021620
stigid@rhel7: RHEL-07-021620
- stigid@rhel9: RHEL-09-651020
ocil_clause: 'the sha512 option is missing or not added to the correct ruleset'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
index c95e4599d2f..3154dbb7e74 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
@@ -42,7 +42,6 @@ references:
stigid@ol8: OL08-00-040310
stigid@rhel7: RHEL-07-021600
stigid@rhel8: RHEL-08-040310
- stigid@rhel9: RHEL-09-651030
stigid@sle12: SLES-12-010520
stigid@sle15: SLES-15-040040
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
index 6ce0d152f03..a6282859f37 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
@@ -42,7 +42,6 @@ references:
stigid@ol8: OL08-00-040300
stigid@rhel7: RHEL-07-021610
stigid@rhel8: RHEL-08-040300
- stigid@rhel9: RHEL-09-651035
stigid@sle12: SLES-12-010530
stigid@sle15: SLES-15-040050
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml
index 5a4079e2df3..7e9f5846111 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml
@@ -26,7 +26,6 @@ references:
srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099
stigid@ol8: OL08-00-030640
stigid@rhel8: RHEL-08-030640
- stigid@rhel9: RHEL-09-232225
ocil_clause: 'any audit tools are not group-owned by root'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml
index 766e086b2c9..5f823d1460d 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml
@@ -26,7 +26,6 @@ references:
srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099
stigid@ol8: OL08-00-030630
stigid@rhel8: RHEL-08-030630
- stigid@rhel9: RHEL-09-232220
ocil_clause: 'any audit tools are not owned by root'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml
index 96c20bb3200..cdad3044717 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml
@@ -26,7 +26,6 @@ references:
srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099
stigid@ol8: OL08-00-030620
stigid@rhel8: RHEL-08-030620
- stigid@rhel9: RHEL-09-232035
ocil_clause: 'any of these files have more permissive permissions than 0755'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
index a3d9d828285..c3ccdb412e9 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
@@ -33,13 +33,11 @@ references:
nist: CM-6(a)
nist-csf: DE.CM-1,DE.CM-7,PR.DS-1,PR.DS-6,PR.DS-8,PR.IP-1,PR.IP-3
pcidss: Req-11.5
- pcidss4: "11.5.2"
srg: SRG-OS-000445-GPOS-00199
stigid@ol7: OL07-00-020029
stigid@ol8: OL08-00-010359
stigid@rhel7: RHEL-07-020029
stigid@rhel8: RHEL-08-010359
- stigid@rhel9: RHEL-09-651010
stigid@sle12: SLES-12-010499
stigid@sle15: SLES-15-010419
stigid@ubuntu2004: UBTU-20-010450
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml
index 979532c1111..7833144f3fc 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml
@@ -51,11 +51,9 @@ references:
nist: CM-6(d),CM-6(c),SI-7,SI-7(1),SI-7(6),AU-9(3)
nist-csf: PR.DS-6,PR.DS-8,PR.IP-1
pcidss: Req-11.5
- pcidss4: "11.5.2"
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-010020
stigid@rhel7: RHEL-07-010020
- stigid@rhel9: RHEL-09-214030
ocil_clause: 'there is output'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
index d16dc022cc1..47646e3c81f 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
@@ -43,7 +43,6 @@ references:
nist: CM-6(d),CM-6(c),SI-7,SI-7(1),SI-7(6),AU-9(3)
nist-csf: PR.AC-4,PR.DS-5,PR.IP-1,PR.PT-1
pcidss: Req-11.5
- pcidss4: "11.5.2"
srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000278-GPOS-00108
stigid@ol7: OL07-00-010010
stigid@rhel7: RHEL-07-010010
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
index a4e1dfd4af2..2a9626ae8de 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
@@ -49,7 +49,6 @@ references:
nist: CM-6(d),CM-6(c),SI-7,SI-7(1),SI-7(6),AU-9(3),CM-6(a)
nist-csf: PR.AC-4,PR.DS-5,PR.IP-1,PR.PT-1
pcidss: Req-11.5
- pcidss4: "11.5.2"
srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099,SRG-OS-000278-GPOS-00108
stigid@ol7: OL07-00-010010
stigid@rhel7: RHEL-07-010010
diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
index cb1547e1493..d5fa29fc58b 100644
--- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
+++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
@@ -30,9 +30,7 @@ references:
ism: 1382,1384,1386
nist: CM-6(a)
ospp: FMT_MOF_EXT.1
- pcidss4: '2.2.6'
srg: SRG-OS-000324-GPOS-00125
- stigid@rhel9: RHEL-09-432010
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml
index 0bbdcd2c1ca..2f739880bd8 100644
--- a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml
@@ -23,13 +23,11 @@ identifiers:
cce@sle15: CCE-91190-9
references:
- ccn@rhel9: A.5.SEC-RHEL1
cis@sle12: 1.3.2
cis@sle15: 1.3.2
cis@ubuntu2004: 1.3.2
cis@ubuntu2204: 5.3.2
pcidss: Req-10.2.5
- pcidss4: '2.2.6'
ocil_clause: 'use_pty is not enabled in sudo'
diff --git a/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml b/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml
index 228c6900ea1..ec5617631d0 100644
--- a/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml
@@ -25,7 +25,6 @@ references:
cis@ubuntu2004: 1.3.3
cis@ubuntu2204: 5.3.3
pcidss: Req-10.2.5
- pcidss4: '2.2.6'
ocil_clause: 'logfile is not enabled in sudo'
diff --git a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
index 0d58b8b56aa..e580c801c82 100644
--- a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
@@ -39,7 +39,6 @@ references:
stigid@ol8: OL08-00-010381
stigid@rhel7: RHEL-07-010350
stigid@rhel8: RHEL-08-010381
- stigid@rhel9: RHEL-09-432025
stigid@sle12: SLES-12-010110
stigid@sle15: SLES-15-010450
diff --git a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
index 2ce1874f9ce..342345a5922 100644
--- a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
@@ -39,7 +39,6 @@ references:
stigid@ol8: OL08-00-010380
stigid@rhel7: RHEL-07-010340
stigid@rhel8: RHEL-08-010380
- stigid@rhel9: RHEL-09-611085
stigid@sle12: SLES-12-010110
stigid@sle15: SLES-15-010450
diff --git a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
index 7df75333a6e..009e15eab1f 100644
--- a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
@@ -26,7 +26,6 @@ identifiers:
cce@sle15: CCE-85673-2
references:
- ccn@rhel9: A.5.SEC-RHEL2
cis-csc: 1,12,15,16,5
cis@ubuntu2204: 5.3.4
cobit5: DSS05.04,DSS05.10,DSS06.03,DSS06.10
@@ -36,7 +35,6 @@ references:
iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
nist: IA-11,CM-6(a)
nist-csf: PR.AC-1,PR.AC-7
- pcidss4: '2.2.6'
srg: SRG-OS-000373-GPOS-00156
stigid@sle15: SLES-15-010450
stigid@ubuntu2004: UBTU-20-010014
diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
index ab70616d08b..f6e67303e83 100644
--- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
@@ -30,17 +30,14 @@ identifiers:
cce@sle15: CCE-85764-9
references:
- ccn@rhel9: A.5.SEC-RHEL2
cis@ubuntu2204: 5.3.6
disa: CCI-002038
nist: IA-11
- pcidss4: '2.2.6'
srg: SRG-OS-000373-GPOS-00156,SRG-OS-000373-GPOS-00157,SRG-OS-000373-GPOS-00158
stigid@ol7: OL07-00-010343
stigid@ol8: OL08-00-010384
stigid@rhel7: RHEL-07-010343
stigid@rhel8: RHEL-08-010384
- stigid@rhel9: RHEL-09-432015
stigid@sle12: SLES-12-010113
stigid@sle15: SLES-15-020102
diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
index ff37f2f173a..74cab63ec33 100644
--- a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
@@ -34,7 +34,6 @@ references:
stigid@ol8: OL08-00-010382
stigid@rhel7: RHEL-07-010341
stigid@rhel8: RHEL-08-010382
- stigid@rhel9: RHEL-09-432030
stigid@sle12: SLES-12-010111
stigid@sle15: SLES-15-020101
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
index bfb4e8fe163..862c387647c 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
@@ -38,7 +38,6 @@ references:
stigid@ol8: OL08-00-010383
stigid@rhel7: RHEL-07-010342
stigid@rhel8: RHEL-08-010383
- stigid@rhel9: RHEL-09-432020
stigid@sle12: SLES-12-010112
stigid@sle15: SLES-15-020103
diff --git a/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml
index 2eddcd547ba..ed6c6c2949d 100644
--- a/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml
@@ -20,9 +20,6 @@ identifiers:
cce@rhel7: CCE-82996-0
cce@rhel9: CCE-86612-9
-references:
- ccn@rhel9: A.25.SEC-RHEL1,A.25.SEC-RHEL2
- pcidss4: '3.5.1.2'
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/software/system-tools/package_gnutls-utils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_gnutls-utils_installed/rule.yml
index 72322dc7241..7b43f345fe4 100644
--- a/linux_os/guide/system/software/system-tools/package_gnutls-utils_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_gnutls-utils_installed/rule.yml
@@ -23,7 +23,6 @@ identifiers:
references:
ospp: FIA_X509_EXT.1,FIA_X509_EXT.2
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-215080
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
index ba437727cb5..801df41d9a7 100644
--- a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
@@ -21,7 +21,6 @@ references:
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040370
stigid@rhel8: RHEL-08-040370
- stigid@rhel9: RHEL-09-215045
{{{ complete_ocil_entry_package(package="gssproxy") }}}
diff --git a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
index 4000e219f77..53e7a0a8b7d 100644
--- a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
@@ -22,7 +22,6 @@ references:
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040380
stigid@rhel8: RHEL-08-040380
- stigid@rhel9: RHEL-09-215050
{{{ complete_ocil_entry_package(package="iprutils") }}}
diff --git a/linux_os/guide/system/software/system-tools/package_nss-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_nss-tools_installed/rule.yml
index 82c45c0b9ec..a6bed84a661 100644
--- a/linux_os/guide/system/software/system-tools/package_nss-tools_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_nss-tools_installed/rule.yml
@@ -21,7 +21,6 @@ identifiers:
references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000480-GPOS-00227
- stigid@rhel9: RHEL-09-215085
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
index 53b65dca164..135b6b3989a 100644
--- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
@@ -22,7 +22,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010472
stigid@rhel8: RHEL-08-010472
- stigid@rhel9: RHEL-09-215090
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml
index 97c7b011d4e..e930dc900a5 100644
--- a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml
@@ -31,7 +31,6 @@ references:
ism: 0940,1144,1467,1472,1483,1493,1494,1495
ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2
srg: SRG-OS-000366-GPOS-00153
- stigid@rhel9: RHEL-09-215010
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
index 76bd27a3132..e14d516e31c 100644
--- a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
@@ -24,7 +24,6 @@ references:
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040390
stigid@rhel8: RHEL-08-040390
- stigid@rhel9: RHEL-09-215055
{{{ complete_ocil_entry_package(package="tuned") }}}
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
index 79ecf5d4601..fc688e45de4 100644
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
@@ -47,7 +47,6 @@ references:
stigid@ol8: OL08-00-010440
stigid@rhel7: RHEL-07-020200
stigid@rhel8: RHEL-08-010440
- stigid@rhel9: RHEL-09-214035
stigid@sle12: SLES-12-010570
stigid@sle15: SLES-15-010560
stigid@ubuntu2004: UBTU-20-010449
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
index 24bc9b221f9..7cb06aa46da 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
@@ -52,13 +52,11 @@ references:
nist-csf: PR.DS-6,PR.DS-8,PR.IP-1
ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2
pcidss: Req-6.2
- pcidss4: "6.3.3"
srg: SRG-OS-000366-GPOS-00153
stigid@ol7: OL07-00-020050
stigid@ol8: OL08-00-010370
stigid@rhel7: RHEL-07-020050
stigid@rhel8: RHEL-08-010370
- stigid@rhel9: RHEL-09-214015
stigid@sle12: SLES-12-010550
stigid@sle15: SLES-15-010430
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
index 27add9a53d6..9aa0633f74e 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
@@ -42,7 +42,6 @@ references:
stigid@ol8: OL08-00-010371
stigid@rhel7: RHEL-07-020060
stigid@rhel8: RHEL-08-010371
- stigid@rhel9: RHEL-09-214020
ocil_clause: 'there is no process to validate certificates for local packages that is approved by the organization'
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
index e51906ebbbf..d46746274d6 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
@@ -41,11 +41,9 @@ references:
nist-csf: PR.DS-6,PR.DS-8,PR.IP-1
ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2
pcidss: Req-6.2
- pcidss4: "6.3.3"
srg: SRG-OS-000366-GPOS-00153
stigid@ol8: OL08-00-010370
stigid@rhel8: RHEL-08-010370
- stigid@rhel9: RHEL-09-214025
ocil_clause: 'GPG checking is disabled'
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
index b1b396aa052..c30929636c3 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
@@ -52,11 +52,9 @@ references:
nist-csf: PR.DS-6,PR.DS-8,PR.IP-1
ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2
pcidss: Req-6.2
- pcidss4: '6.3.3'
srg: SRG-OS-000366-GPOS-00153
stigid@rhel7: RHEL-07-010019
stigid@rhel8: RHEL-08-010019
- stigid@rhel9: RHEL-09-214010
ocil_clause: 'the Red Hat GPG Key is not installed'
diff --git a/linux_os/guide/system/software/updating/ensure_suse_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_suse_gpgkey_installed/rule.yml
index 84a37e42529..dc96d66758d 100644
--- a/linux_os/guide/system/software/updating/ensure_suse_gpgkey_installed/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_suse_gpgkey_installed/rule.yml
@@ -52,7 +52,6 @@ references:
nist-csf: PR.DS-6,PR.DS-8,PR.IP-1
ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2
pcidss: Req-6.2
- pcidss4: "6.3.3"
srg: SRG-OS-000366-GPOS-00153
ocil_clause: 'the SUSE GPG Key is not installed'
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
index 8d30bfca29f..fed8d1e7e33 100644
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
@@ -57,13 +57,11 @@ references:
nist-csf: ID.RA-1,PR.IP-12
ospp: FMT_MOF_EXT.1
pcidss: Req-6.2
- pcidss4: "6.3.3"
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-020260
stigid@ol8: OL08-00-010010
stigid@rhel7: RHEL-07-020260
stigid@rhel8: RHEL-08-010010
- stigid@rhel9: RHEL-09-211015
stigid@sle12: SLES-12-010010
stigid@sle15: SLES-15-010010
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 78344868f7c..eaac24d4769 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -252,10 +252,6 @@ endmacro()
if(PYTHON_VERSION_MAJOR GREATER 2 AND SSG_PRODUCT_RHEL9)
- ssg_refcheck_test("rhel9" "ccn_basic" "ccn")
- ssg_refcheck_test("rhel9" "ccn_advanced" "ccn")
- # This exclude can be removed once enable_authselect has a stigid
- ssg_refcheck_test("rhel9" "stig" "stigid" "enable_authselect")
stig_srg_mapping_test("rhel9")
endif()