diff --git a/tasks/main.yml b/tasks/main.yml
index d133696..d5957cb 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -279,6 +279,7 @@
 - NIST-800-53-SC-12(2)
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SC-13
+ - PCI-DSSv4-2.2.7
 - configure_crypto_policy
 - high_severity
 - low_complexity
@@ -306,6 +307,7 @@
 - NIST-800-53-SC-12(2)
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SC-13
+ - PCI-DSSv4-2.2.7
 - configure_crypto_policy
 - high_severity
 - low_complexity
@@ -361,7 +363,6 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SC-13
 - PCI-DSS-Req-2.2
- - PCI-DSSv4-2.2
 - configure_libreswan_crypto_policy
 - high_severity
 - low_complexity
@@ -394,7 +395,6 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SC-13
 - PCI-DSS-Req-2.2
- - PCI-DSSv4-2.2
 - configure_openssl_crypto_policy
 - low_complexity
 - medium_disruption
@@ -427,7 +427,6 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SC-13
 - PCI-DSS-Req-2.2
- - PCI-DSSv4-2.2
 - configure_openssl_crypto_policy
 - low_complexity
 - medium_disruption
@@ -471,7 +470,6 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SC-13
 - PCI-DSS-Req-2.2
- - PCI-DSSv4-2.2
 - configure_openssl_crypto_policy
 - low_complexity
 - medium_disruption
@@ -507,7 +505,6 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SC-13
 - PCI-DSS-Req-2.2
- - PCI-DSSv4-2.2
 - configure_openssl_crypto_policy
 - low_complexity
 - medium_disruption
@@ -529,7 +526,7 @@
 - NIST-800-53-MA-4(6)
 - NIST-800-53-SC-13
 - PCI-DSS-Req-2.2
- - PCI-DSSv4-2.2
+ - PCI-DSSv4-2.2.7
 - configure_ssh_crypto_policy
 - disable_strategy
 - low_complexity
@@ -586,7 +583,7 @@
 tags:
 - CCE-82214-8
 - NIST-800-53-CM-6(a)
- - PCI-DSSv4-10.2.1.5
+ - PCI-DSSv4-2.2.6
 - enable_strategy
 - low_complexity
 - low_disruption
@@ -1226,6 +1223,7 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SI-7
 - PCI-DSS-Req-6.2
+ - PCI-DSSv4-6.3.3
 - ensure_redhat_gpgkey_installed
 - high_severity
 - medium_complexity
@@ -1257,6 +1255,7 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SI-7
 - PCI-DSS-Req-6.2
+ - PCI-DSSv4-6.3.3
 - ensure_redhat_gpgkey_installed
 - high_severity
 - medium_complexity
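Review bot: A run scoped with `--tags PCI-DSSv4-10.2.1.5` will stop applying the CCE-82214-8 task after the retag at `@@ -586,7 +583,7 @@`, because the old tag is dropped with no record of where it went and Ansible, as far as I know, does not fail on a tag that matches no task. The same applies to the other renames in this patch (`PCI-DSSv4-2.2` to `2.2.7` at `@@ -529,7 +526,7 @@`, `10.7` to `10.7.3`, `1.4.2` to `1.4.5` or `1.4.3`, and `3.3.1.1`/`3.3.1.2`/`3.3.1.3` to `3.3.1`). I would list the old-to-new mapping in the changelog or README, one line per rename such as `PCI-DSSv4-10.2.1.5 -> PCI-DSSv4-2.2.6 (CCE-82214-8)`, so anyone driving compliance runs or evidence collection by PCI-DSSv4 tag can update their selectors. The tasks these tag lists belong to start outside the hunks.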
@@ -1288,6 +1287,7 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SI-7
 - PCI-DSS-Req-6.2
+ - PCI-DSSv4-6.3.3
 - ensure_redhat_gpgkey_installed
 - high_severity
 - medium_complexity
@@ -1317,6 +1317,7 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SI-7
 - PCI-DSS-Req-6.2
+ - PCI-DSSv4-6.3.3
 - ensure_redhat_gpgkey_installed
 - high_severity
 - medium_complexity
@@ -1359,6 +1360,7 @@
 - NIST-800-53-SC-12(3)
 - NIST-800-53-SI-7
 - PCI-DSS-Req-6.2
+ - PCI-DSSv4-6.3.3
 - ensure_redhat_gpgkey_installed
 - high_severity
 - medium_complexity
@@ -4142,7 +4144,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_dcredit
 - low_complexity
 - low_disruption
@@ -4182,7 +4183,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_dcredit
 - low_complexity
 - low_disruption
@@ -4258,7 +4258,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_lcredit
 - low_complexity
 - low_disruption
@@ -4298,7 +4297,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_lcredit
 - low_complexity
 - low_disruption
@@ -4426,7 +4424,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_minlen
 - low_complexity
 - low_disruption
@@ -4467,7 +4464,6 @@
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
 - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_minlen
 - low_complexity
 - low_disruption
@@ -4540,8 +4536,6 @@
 - NIST-800-53-IA-5(4)
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
- - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_ucredit
 - low_complexity
 - low_disruption
@@ -4580,8 +4574,6 @@
 - NIST-800-53-IA-5(4)
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
- - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
 - accounts_password_pam_ucredit
 - low_complexity
 - low_disruption
@@ -5079,8 +5071,7 @@
 - NIST-800-53-IA-5(1)(a)
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
- - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
+ - PCI-DSSv4-8.3.1
 - configure_strategy
 - high_severity
 - low_complexity
@@ -5150,8 +5141,7 @@
 - NIST-800-53-IA-5(1)(a)
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
- - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
+ - PCI-DSSv4-8.3.1
 - configure_strategy
 - high_severity
 - low_complexity
@@ -5188,8 +5178,7 @@
 - NIST-800-53-IA-5(1)(a)
 - NIST-800-53-IA-5(c)
 - PCI-DSS-Req-8.2.3
- - PCI-DSSv4-8.3.6
- - PCI-DSSv4-8.3.9
+ - PCI-DSSv4-8.3.1
 - configure_strategy
 - high_severity
 - low_complexity
@@ -5228,7 +5217,6 @@
 manager: auto
 tags:
 - CCE-83318-6
- - PCI-DSSv4-8.6.1
 - low_complexity
 - low_disruption
 - medium_severity
@@ -5258,7 +5246,6 @@
 - '"pam" in ansible_facts.packages'
 tags:
 - CCE-83318-6
- - PCI-DSSv4-8.6.1
 - low_complexity
 - low_disruption
 - medium_severity
@@ -5386,7 +5373,6 @@
 - DISA-STIG-RHEL-08-020353
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
- - PCI-DSSv4-8.6.1
 - accounts_umask_etc_bashrc
 - low_complexity
 - low_disruption
@@ -5424,7 +5410,6 @@
 - DISA-STIG-RHEL-08-020353
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
- - PCI-DSSv4-8.6.1
 - accounts_umask_etc_bashrc
 - low_complexity
 - low_disruption
@@ -5452,7 +5437,6 @@
 - DISA-STIG-RHEL-08-020353
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
- - PCI-DSSv4-8.6.1
 - accounts_umask_etc_bashrc
 - low_complexity
 - low_disruption
@@ -5480,7 +5464,6 @@
 - DISA-STIG-RHEL-08-020353
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
- - PCI-DSSv4-8.6.1
 - accounts_umask_etc_bashrc
 - low_complexity
 - low_disruption
@@ -5582,7 +5565,6 @@
 - DISA-STIG-RHEL-08-020353
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
- - PCI-DSSv4-8.6.1
 - accounts_umask_etc_profile
 - low_complexity
 - low_disruption
@@ -5619,7 +5601,6 @@
 - DISA-STIG-RHEL-08-020353
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
- - PCI-DSSv4-8.6.1
 - accounts_umask_etc_profile
 - low_complexity
 - low_disruption
@@ -5648,7 +5629,6 @@
 - DISA-STIG-RHEL-08-020353
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
- - PCI-DSSv4-8.6.1
 - accounts_umask_etc_profile
 - low_complexity
 - low_disruption
@@ -5668,7 +5648,6 @@
 - DISA-STIG-RHEL-08-020353
 - NIST-800-53-AC-6(1)
 - NIST-800-53-CM-6(a)
- - PCI-DSSv4-8.6.1
 - accounts_umask_etc_profile
 - low_complexity
 - low_disruption
@@ -5814,7 +5793,7 @@
 - NIST-800-53-CM-6(a)
 - NIST-800-53-IR-5(1)
 - PCI-DSS-Req-10.3
- - PCI-DSSv4-10.7
+ - PCI-DSSv4-10.7.3
 - grub2_audit_argument
 - low_disruption
 - low_severity
@@ -5853,7 +5832,7 @@
 - NIST-800-53-CM-6(a)
 - NIST-800-53-IR-5(1)
 - PCI-DSS-Req-10.3
- - PCI-DSSv4-10.7
+ - PCI-DSSv4-10.7.3
 - grub2_audit_argument
 - low_disruption
 - low_severity
@@ -5868,6 +5847,7 @@
 - CCE-80943-4
 - DISA-STIG-RHEL-08-030602
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-10.7.2
 - grub2_audit_backlog_limit_argument
 - low_disruption
 - low_severity
@@ -5899,6 +5879,7 @@
 - CCE-80943-4
 - DISA-STIG-RHEL-08-030602
 - NIST-800-53-CM-6(a)
+ - PCI-DSSv4-10.7.2
 - grub2_audit_backlog_limit_argument
 - low_disruption
 - low_severity
@@ -6740,7 +6721,6 @@
 '
 force: true
 when:
- - DISA_STIG_RHEL_08_030122 | bool
 - audit_immutable_login_uids | bool
 - low_complexity | bool
 - low_disruption | bool
@@ -6750,7 +6730,6 @@
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-82828-5
- - DISA-STIG-RHEL-08-030122
 - NIST-800-53-AU-2(a)
 - audit_immutable_login_uids
 - low_complexity
@@ -6764,7 +6743,6 @@
 path: /etc/audit/rules.d/11-loginuid.rules
 mode: o-rwx
 when:
- - DISA_STIG_RHEL_08_030122 | bool
 - audit_immutable_login_uids | bool
 - low_complexity | bool
 - low_disruption | bool
@@ -6774,7 +6752,6 @@
 - ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
 tags:
 - CCE-82828-5
- - DISA-STIG-RHEL-08-030122
 - NIST-800-53-AU-2(a)
 - audit_immutable_login_uids
 - low_complexity
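Review bot: The `when:` lists at `@@ -6740,7 +6721,6 @@` and `@@ -6764,7 +6743,6 @@` lose a run condition, which is a behaviour change sitting inside what otherwise reads as a tag remap: with `DISA_STIG_RHEL_08_030122 | bool` gone, the two tasks (one ending in `force: true`, one setting `mode: o-rwx` on `/etc/audit/rules.d/11-loginuid.rules`) no longer honour that variable as an opt-out. An inventory that sets it to false would now have the audit rules file managed on the next run. If that is intended, I would say so in the commit message and add a comment above each list such as `# no longer gated on DISA_STIG_RHEL_08_030122; use audit_immutable_login_uids to opt out`, and drop or deprecate the variable wherever it is still defined, which is not visible from these hunks. Both tasks start outside the hunks.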
@@ -7901,6 +7878,7 @@
 - NIST-800-53-CM-6(a)
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(21)
+ - PCI-DSSv4-1.2.1
 - enable_strategy
 - low_complexity
 - low_disruption
@@ -7949,6 +7927,7 @@
 - NIST-800-53-CM-6(a)
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(21)
+ - PCI-DSSv4-1.2.1
 - enable_strategy
 - low_complexity
 - low_disruption
@@ -8451,6 +8430,7 @@
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8483,6 +8463,7 @@
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8516,6 +8497,7 @@
 - NIST-800-53-CM-7(a)
 - NIST-800-53-CM-7(b)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8833,6 +8815,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8864,6 +8847,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8896,6 +8880,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8929,6 +8914,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8958,6 +8944,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -8988,6 +8975,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9024,6 +9012,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9056,6 +9045,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9089,6 +9079,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9486,6 +9477,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9517,6 +9509,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9549,6 +9542,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9581,6 +9575,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9609,6 +9604,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9638,6 +9634,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - PCI-DSS-Req-1.4.3
+ - PCI-DSSv4-1.4.2
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9674,6 +9671,7 @@
 - NIST-800-53-SC-5(2)
 - NIST-800-53-SC-5(3)(a)
 - PCI-DSS-Req-1.4.1
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9706,6 +9704,7 @@
 - NIST-800-53-SC-5(2)
 - NIST-800-53-SC-5(3)(a)
 - PCI-DSS-Req-1.4.1
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9739,6 +9738,7 @@
 - NIST-800-53-SC-5(2)
 - NIST-800-53-SC-5(3)(a)
 - PCI-DSS-Req-1.4.1
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9775,7 +9775,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9808,7 +9808,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9842,7 +9842,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9879,6 +9879,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9911,6 +9912,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9944,6 +9946,7 @@
 - NIST-800-53-CM-7(b)
 - NIST-800-53-SC-5
 - NIST-800-53-SC-7(a)
+ - PCI-DSSv4-1.4.5
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -9979,7 +9982,7 @@
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.3.1
 - PCI-DSS-Req-1.3.2
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -10011,7 +10014,7 @@
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.3.1
 - PCI-DSS-Req-1.3.2
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -10044,7 +10047,7 @@
 - NIST-800-53-SC-7(a)
 - PCI-DSS-Req-1.3.1
 - PCI-DSS-Req-1.3.2
- - PCI-DSSv4-1.4.2
+ - PCI-DSSv4-1.4.3
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -13886,6 +13889,7 @@
 - CCE-82215-5
 - DISA-STIG-RHEL-08-010671
 - NIST-800-53-SC-7(10)
+ - PCI-DSSv4-3.3.1
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -13912,6 +13916,7 @@
 - CCE-82215-5
 - DISA-STIG-RHEL-08-010671
 - NIST-800-53-SC-7(10)
+ - PCI-DSSv4-3.3.1
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -13939,6 +13944,7 @@
 - CCE-82215-5
 - DISA-STIG-RHEL-08-010671
 - NIST-800-53-SC-7(10)
+ - PCI-DSSv4-3.3.1
 - disable_strategy
 - low_complexity
 - medium_disruption
@@ -14602,9 +14608,7 @@
 - DISA-STIG-RHEL-08-010675
 - NIST-800-53-CM-6
 - PCI-DSS-Req-3.2
- - PCI-DSSv4-3.3.1.1
- - PCI-DSSv4-3.3.1.2
- - PCI-DSSv4-3.3.1.3
+ - PCI-DSSv4-3.3.1
 - coredump_disable_backtraces
 - low_complexity
 - low_disruption
@@ -14659,9 +14663,7 @@
 - DISA-STIG-RHEL-08-010675
 - NIST-800-53-CM-6
 - PCI-DSS-Req-3.2
- - PCI-DSSv4-3.3.1.1
- - PCI-DSSv4-3.3.1.2
- - PCI-DSSv4-3.3.1.3
+ - PCI-DSSv4-3.3.1
 - coredump_disable_backtraces
 - low_complexity
 - low_disruption
@@ -14677,9 +14679,7 @@
 - DISA-STIG-RHEL-08-010674
 - NIST-800-53-CM-6
 - PCI-DSS-Req-3.2
- - PCI-DSSv4-3.3.1.1
- - PCI-DSSv4-3.3.1.2
- - PCI-DSSv4-3.3.1.3
+ - PCI-DSSv4-3.3.1
 - coredump_disable_storage
 - low_complexity
 - low_disruption
@@ -14734,9 +14734,7 @@
 - DISA-STIG-RHEL-08-010674
 - NIST-800-53-CM-6
 - PCI-DSS-Req-3.2
- - PCI-DSSv4-3.3.1.1
- - PCI-DSSv4-3.3.1.2
- - PCI-DSSv4-3.3.1.3
+ - PCI-DSSv4-3.3.1
 - coredump_disable_storage
 - low_complexity
 - low_disruption
@@ -14752,9 +14750,7 @@
 - DISA-STIG-RHEL-08-010673
 - NIST-800-53-CM-6
 - NIST-800-53-SC-7(10)
- - PCI-DSSv4-3.3.1.1
- - PCI-DSSv4-3.3.1.2
- - PCI-DSSv4-3.3.1.3
+ - PCI-DSSv4-3.3.1
 - disable_users_coredumps
 - low_complexity
 - low_disruption
@@ -14790,9 +14786,7 @@
 - DISA-STIG-RHEL-08-010673
 - NIST-800-53-CM-6
 - NIST-800-53-SC-7(10)
- - PCI-DSSv4-3.3.1.1
- - PCI-DSSv4-3.3.1.2
- - PCI-DSSv4-3.3.1.3
+ - PCI-DSSv4-3.3.1
 - disable_users_coredumps
 - low_complexity
 - low_disruption
@@ -15069,6 +15063,7 @@
 - NIST-800-53-AC-3(3)(a)
 - NIST-800-53-AU-9
 - NIST-800-53-SC-7(21)
+ - PCI-DSSv4-1.2.6
 - low_complexity
 - low_disruption
 - medium_severity
@@ -15379,7 +15374,6 @@
 state: absent
 tags:
 - CCE-82932-5
- - PCI-DSSv4-2.2.4
 - disable_strategy
 - low_complexity
 - low_disruption
@@ -15783,7 +15777,6 @@
 - NIST-800-53-CM-6(a)
 - NIST-800-53-SC-10
 - PCI-DSS-Req-8.1.8
- - PCI-DSSv4-8.2.8
 - low_complexity
 - low_disruption
 - medium_severity
@@ -16212,7 +16205,6 @@
 - NIST-800-53-AC-8(c)
 - NIST-800-53-CM-6(a)
 - PCI-DSS-Req-2.2.4
- - PCI-DSSv4-2.2.6
 - low_complexity
 - low_disruption
 - medium_severity