diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml
index 1905a924367..457ec11939b 100644
--- a/controls/pcidss_4.yml
+++ b/controls/pcidss_4.yml
@@ -57,6 +57,7 @@ controls:
         policies.
       rules:
         - package_nftables_installed
+        - package_firewalld_installed
         - service_firewalld_enabled
         - service_nftables_disabled
 
diff --git a/tests/data/profile_stability/rhel7/pci-dss.profile b/tests/data/profile_stability/rhel7/pci-dss.profile
index 2f0368f9f69..5d7f73e4f70 100644
--- a/tests/data/profile_stability/rhel7/pci-dss.profile
+++ b/tests/data/profile_stability/rhel7/pci-dss.profile
@@ -20,263 +20,264 @@ metadata:
     - vojtapolasek
 reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
 selections:
-- file_groupowner_etc_passwd
-- ensure_shadow_group_empty
-- sysctl_net_ipv4_icmp_ignore_bogus_error_responses
-- file_cron_deny_not_exist
-- disable_users_coredumps
-- account_disable_post_pw_expiration
-- dconf_gnome_screensaver_lock_enabled
-- sysctl_net_ipv4_conf_all_rp_filter
-- rsyslog_files_ownership
-- service_nftables_disabled
-- dconf_gnome_screensaver_lock_delay
-- sudo_custom_logfile
-- file_permissions_etc_issue_net
-- no_direct_root_logins
-- file_permissions_etc_passwd
-- audit_rules_dac_modification_lsetxattr
-- audit_rules_suid_privilege_function
-- package_rsh-server_removed
+- accounts_password_set_max_life_existing
+- audit_rules_file_deletion_events_rename
+- audit_rules_file_deletion_events_unlink
+- no_files_unowned_by_user
+- dconf_gnome_screensaver_idle_delay
+- file_owner_cron_d
+- audit_rules_dac_modification_lchown
+- file_permissions_cron_hourly
 - accounts_root_gid_zero
-- audit_rules_usergroup_modification_group
-- file_groupowner_cron_weekly
-- file_permissions_etc_group
-- dconf_gnome_disable_automount
-- file_permissions_sshd_pub_key
-- audit_rules_dac_modification_fchownat
-- account_unique_id
-- gnome_gdm_disable_guest_login
-- account_unique_name
-- file_permissions_etc_shadow
-- no_password_auth_for_systemaccounts
-- sshd_use_approved_ciphers
-- dconf_gnome_screensaver_idle_activation_enabled
-- package_ypbind_removed
-- file_permissions_backup_etc_passwd
-- chronyd_specify_remote_server
-- accounts_password_warn_age_login_defs
-- accounts_password_pam_minlen
 - audit_rules_usergroup_modification_passwd
-- audit_rules_dac_modification_fchmod
+- audit_rules_dac_modification_chmod
+- rpm_verify_ownership
+- accounts_tmout
+- file_groupowner_cron_allow
+- file_owner_backup_etc_shadow
+- nftables_ensure_default_deny_policy
+- file_groupowner_crontab
+- dconf_db_up_to_date
+- sysctl_net_ipv4_conf_all_secure_redirects
+- accounts_no_uid_except_zero
+- file_groupowner_cron_d
+- kernel_module_usb-storage_disabled
+- file_groupowner_backup_etc_group
+- audit_rules_dac_modification_removexattr
+- file_groupowner_backup_etc_shadow
+- package_telnet-server_removed
+- package_rsh_removed
+- service_auditd_enabled
+- sshd_set_max_sessions
+- sshd_use_strong_kex
+- security_patches_up_to_date
+- sysctl_net_ipv4_conf_default_accept_redirects
 - file_groupowner_cron_monthly
+- file_owner_grub2_cfg
+- audit_rules_dac_modification_fchmod
+- ensure_root_password_configured
+- sshd_disable_rhosts
+- sudo_custom_logfile
+- no_empty_passwords
+- package_tftp_removed
 - file_owner_etc_shadow
-- ensure_redhat_gpgkey_installed
-- dconf_gnome_session_idle_user_locks
-- package_chrony_installed
-- selinux_confinement_of_daemons
-- sysctl_net_ipv4_ip_forward
-- sshd_enable_pam
-- file_groupowner_grub2_cfg
-- sshd_set_loglevel_verbose
+- accounts_passwords_pam_faillock_unlock_time
 - accounts_passwords_pam_faillock_deny
-- directory_access_var_log_audit
+- rsyslog_files_ownership
+- account_disable_post_pw_expiration
+- sysctl_net_ipv6_conf_default_accept_source_route
+- audit_rules_dac_modification_fremovexattr
+- sysctl_net_ipv4_icmp_ignore_bogus_error_responses
+- wireless_disable_interfaces
+- coredump_disable_backtraces
+- service_chronyd_or_ntpd_enabled
+- dconf_gnome_disable_automount_open
+- chronyd_specify_remote_server
+- dconf_gnome_screensaver_idle_activation_enabled
+- file_groupowner_etc_group
+- no_direct_root_logins
+- sshd_set_idle_timeout
+- accounts_password_all_shadowed
+- audit_rules_dac_modification_setxattr
+- auditd_data_retention_admin_space_left_action
+- file_permissions_etc_passwd
+- file_permissions_grub2_cfg
+- package_cryptsetup-luks_installed
+- rsyslog_files_permissions
+- gid_passwd_group_same
+- file_owner_cron_weekly
+- chronyd_run_as_chrony_user
+- file_permissions_backup_etc_shadow
+- coredump_disable_storage
 - audit_rules_sysadmin_actions
-- audit_rules_immutable
-- package_telnet_removed
+- grub2_audit_argument
+- account_unique_id
+- package_firewalld_installed
 - file_groupowner_etc_issue_net
-- sshd_set_maxstartups
-- file_permissions_var_log_audit
-- audit_rules_dac_modification_chmod
-- dconf_gnome_screensaver_mode_blank
-- accounts_password_pam_pwhistory_remember_password_auth
-- package_audit_installed
-- audit_rules_dac_modification_lchown
-- audit_rules_dac_modification_fsetxattr
-- ensure_gpgcheck_globally_activated
-- file_owner_crontab
-- file_permissions_cron_d
 - file_permissions_user_cfg
-- postfix_network_listening_disabled
-- accounts_password_set_warn_age_existing
-- auditd_name_format
-- audit_rules_networkconfig_modification
-- gid_passwd_group_same
-- audit_rules_file_deletion_events_unlink
-- kernel_module_dccp_disabled
-- package_ypserv_removed
-- sshd_set_max_sessions
-- wireless_disable_interfaces
-- file_permissions_cron_allow
-- audit_rules_dac_modification_setxattr
-- file_owner_cron_daily
-- audit_rules_login_events_lastlog
-- rsyslog_files_groupownership
-- audit_rules_file_deletion_events_rmdir
+- auditd_audispd_syslog_plugin_activated
+- sudo_add_use_pty
+- ensure_gpgcheck_never_disabled
+- use_pam_wheel_group_for_su
+- bios_enable_execution_restrictions
+- audit_rules_session_events
+- audit_rules_media_export
+- no_password_auth_for_systemaccounts
+- auditd_data_retention_space_left
 - audit_rules_login_events_faillock
-- file_owner_grub2_cfg
-- disable_host_auth
 - rpm_verify_hashes
-- ntpd_specify_remote_server
-- audit_rules_usergroup_modification_shadow
-- audit_rules_time_clock_settime
-- file_owner_etc_passwd
-- audit_rules_dac_modification_lremovexattr
+- accounts_set_post_pw_existing
+- service_nftables_disabled
+- accounts_password_set_warn_age_existing
+- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+- audit_rules_mac_modification
+- ntpd_specify_multiple_servers
+- audit_rules_time_settimeofday
+- sshd_use_approved_macs
+- sysctl_fs_suid_dumpable
+- sysctl_net_ipv4_ip_forward
+- audit_rules_dac_modification_lsetxattr
+- accounts_password_pam_dcredit
+- accounts_password_pam_unix_remember
+- file_permissions_sshd_config
+- no_empty_passwords_etc_shadow
+- audit_rules_file_deletion_events_unlinkat
 - file_permissions_backup_etc_group
+- file_groupowner_user_cfg
+- sshd_use_approved_ciphers
+- audit_rules_immutable
+- audit_rules_file_deletion_events_renameat
+- file_group_ownership_var_log_audit
+- package_aide_installed
+- file_permissions_etc_group
+- ensure_shadow_group_empty
+- accounts_password_pam_minlen
+- configure_firewalld_ports
+- file_groupowner_etc_passwd
+- audit_rules_usergroup_modification_gshadow
+- audit_rules_suid_privilege_function
 - group_unique_id
-- display_login_attempts
-- network_sniffer_disabled
+- sshd_do_not_permit_user_env
+- file_permissions_cron_weekly
+- dconf_gnome_disable_automount
+- audit_rules_time_clock_settime
+- file_permissions_cron_d
+- selinux_confinement_of_daemons
+- ensure_pam_wheel_group_empty
+- ensure_gpgcheck_globally_activated
+- file_permissions_backup_etc_passwd
 - no_shelllogin_for_systemaccounts
-- audit_rules_dac_modification_fchown
 - sshd_disable_empty_passwords
-- accounts_password_last_change_is_in_past
-- sysctl_net_ipv6_conf_default_accept_source_route
-- security_patches_up_to_date
-- ntpd_specify_multiple_servers
-- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
-- file_owner_backup_etc_group
-- rsyslog_files_permissions
-- audit_sudo_log_events
-- rpm_verify_ownership
-- sshd_do_not_permit_user_env
-- package_net-snmp_removed
-- network_nmcli_permissions
-- audit_rules_dac_modification_fremovexattr
-- auditd_data_retention_admin_space_left_action
-- accounts_maximum_age_login_defs
-- audit_rules_file_deletion_events_renameat
-- sshd_disable_rhosts
-- dir_perms_world_writable_sticky_bits
-- file_permissions_cron_monthly
-- file_owner_cron_allow
-- sshd_use_approved_macs
-- sshd_disable_root_login
-- file_owner_backup_etc_passwd
-- file_permissions_sshd_config
 - file_owner_etc_issue_net
-- file_ownership_var_log_audit
-- package_talk_removed
-- file_permissions_unauthorized_world_writable
-- selinux_state
-- service_avahi-daemon_disabled
-- file_groupowner_crontab
-- sudo_require_reauthentication
-- sysctl_net_ipv4_conf_default_accept_redirects
-- file_groupowner_backup_etc_group
-- no_empty_passwords
-- sysctl_fs_suid_dumpable
-- file_groupowner_etc_shadow
+- sshd_disable_x11_forwarding
+- audit_rules_usergroup_modification_group
+- audit_rules_dac_modification_fchownat
 - auditd_data_retention_space_left_action
-- file_permissions_cron_weekly
-- sshd_use_strong_kex
-- service_ntpd_enabled
-- configure_firewalld_ports
-- file_permissions_backup_etc_shadow
-- auditd_data_retention_space_left
-- selinux_policytype
-- accounts_password_pam_unix_remember
-- file_at_deny_not_exist
-- sshd_set_idle_timeout
-- package_tftp_removed
-- sshd_set_keepalive
-- chronyd_run_as_chrony_user
-- file_groupowner_cron_daily
-- file_owner_cron_hourly
 - group_unique_name
-- securetty_root_login_console_only
-- set_password_hashing_algorithm_systemauth
-- sysctl_net_ipv4_conf_all_send_redirects
-- audit_rules_dac_modification_chown
-- dconf_gnome_screensaver_idle_delay
-- install_PAE_kernel_on_x86-32
-- file_groupowner_backup_etc_shadow
-- sshd_disable_tcp_forwarding
-- grub2_audit_backlog_limit_argument
+- dir_perms_world_writable_sticky_bits
+- package_ypserv_removed
 - set_ip6tables_default_rule
-- accounts_password_pam_pwhistory_remember_system_auth
-- aide_build_database
-- kernel_module_usb-storage_disabled
-- file_groupowner_cron_hourly
-- set_firewalld_default_zone
-- package_aide_installed
-- sudo_add_use_pty
-- service_firewalld_enabled
-- audit_rules_media_export
-- service_auditd_enabled
-- file_groupowner_backup_etc_passwd
-- package_cryptsetup-luks_installed
-- accounts_tmout
-- file_group_ownership_var_log_audit
-- file_owner_cron_monthly
-- file_permissions_cron_daily
-- accounts_password_set_max_life_existing
-- auditd_audispd_syslog_plugin_activated
+- sshd_set_login_grace_time
+- file_owner_etc_passwd
+- accounts_password_warn_age_login_defs
+- network_nmcli_permissions
 - package_sudo_installed
-- sshd_disable_x11_forwarding
-- file_owner_cron_weekly
-- accounts_set_post_pw_existing
-- grub2_audit_argument
-- service_rsyncd_disabled
-- file_groupowner_cron_d
-- sshd_set_max_auth_tries
+- file_groupowner_cron_weekly
+- selinux_state
+- file_permissions_var_log_audit
+- file_owner_user_cfg
+- file_groupowner_cron_daily
+- sysctl_net_ipv4_tcp_syncookies
+- file_owner_crontab
+- package_talk_removed
+- package_chrony_installed
+- audit_rules_login_events_lastlog
 - audit_rules_time_watch_localtime
-- accounts_password_pam_dcredit
-- sysctl_net_ipv4_conf_default_send_redirects
-- file_owner_etc_group
-- bios_enable_execution_restrictions
-- nftables_ensure_default_deny_policy
-- package_logrotate_installed
-- package_talk-server_removed
-- accounts_password_all_shadowed
-- file_groupowner_etc_group
-- file_permissions_crontab
-- file_permissions_grub2_cfg
-- file_permissions_sshd_private_key
-- set_password_hashing_algorithm_logindefs
-- sysctl_kernel_randomize_va_space
-- package_xinetd_removed
-- accounts_no_uid_except_zero
-- accounts_password_pam_lcredit
-- accounts_passwords_pam_faillock_unlock_time
-- audit_rules_file_deletion_events_rename
-- audit_rules_session_events
-- audit_rules_file_deletion_events_unlinkat
-- package_rsh_removed
+- dconf_gnome_screensaver_mode_blank
+- file_owner_cron_hourly
+- package_libselinux_installed
+- file_groupowner_backup_etc_passwd
+- sshd_set_loglevel_verbose
+- audit_rules_dac_modification_fchown
+- file_permissions_etc_shadow
+- kernel_module_dccp_disabled
+- package_ftp_removed
+- package_telnet_removed
+- service_avahi-daemon_disabled
 - package_audispd-plugins_installed
-- service_chronyd_or_ntpd_enabled
-- audit_rules_dac_modification_removexattr
-- dconf_db_up_to_date
-- audit_rules_mac_modification
-- audit_rules_usergroup_modification_gshadow
-- no_empty_passwords_etc_shadow
+- file_permissions_cron_monthly
+- file_permissions_cron_allow
+- sudo_require_authentication
 - audit_rules_dac_modification_fchmodat
-- file_groupowner_cron_allow
+- securetty_root_login_console_only
+- audit_rules_dac_modification_fsetxattr
+- set_password_hashing_algorithm_libuserconf
+- service_rsyncd_disabled
+- set_firewalld_default_zone
+- audit_rules_networkconfig_modification
+- file_permissions_sshd_private_key
+- rsyslog_files_groupownership
 - service_rpcbind_disabled
-- ensure_pam_wheel_group_empty
-- aide_periodic_cron_checking
-- audit_rules_time_adjtimex
-- audit_rules_time_stime
-- sshd_limit_user_access
-- grub2_enable_selinux
-- package_nftables_installed
-- ensure_gpgcheck_never_disabled
-- file_groupowner_user_cfg
+- sysctl_kernel_randomize_va_space
 - package_tftp-server_removed
-- coredump_disable_backtraces
-- file_owner_user_cfg
-- gnome_gdm_disable_automatic_login
-- sysctl_net_ipv4_tcp_syncookies
-- use_pam_wheel_group_for_su
-- coredump_disable_storage
-- sudo_require_authentication
-- file_owner_cron_d
+- file_owner_backup_etc_group
+- file_ownership_var_log_audit
 - file_permissions_ungroupowned
-- package_libselinux_installed
+- audit_rules_time_adjtimex
+- sysctl_net_ipv4_conf_all_send_redirects
+- accounts_password_pam_lcredit
 - audit_rules_login_events_tallylog
+- install_PAE_kernel_on_x86-32
+- file_permissions_unauthorized_world_writable
+- ensure_redhat_gpgkey_installed
+- auditd_name_format
+- grub2_enable_selinux
+- accounts_maximum_age_login_defs
+- kernel_module_sctp_disabled
+- file_permissions_cron_daily
+- set_password_hashing_algorithm_logindefs
+- sudo_require_reauthentication
+- directory_access_var_log_audit
+- dconf_gnome_session_idle_user_locks
+- ntpd_specify_remote_server
+- aide_periodic_cron_checking
+- gnome_gdm_disable_guest_login
+- dconf_gnome_screensaver_lock_delay
+- grub2_audit_backlog_limit_argument
+- sysctl_net_ipv4_conf_default_send_redirects
+- sshd_enable_pam
+- sshd_disable_tcp_forwarding
+- dconf_gnome_screensaver_lock_enabled
+- package_nftables_installed
+- disable_users_coredumps
+- audit_rules_usergroup_modification_shadow
+- file_permissions_sshd_pub_key
+- accounts_password_pam_pwhistory_remember_password_auth
+- display_login_attempts
+- file_cron_deny_not_exist
+- file_groupowner_grub2_cfg
+- package_xinetd_removed
+- audit_rules_time_stime
+- selinux_policytype
+- sysctl_net_ipv4_conf_all_rp_filter
+- package_ypbind_removed
+- package_audit_installed
+- service_ntpd_enabled
+- file_owner_cron_allow
+- sshd_disable_root_login
+- account_unique_name
+- package_talk-server_removed
+- audit_rules_dac_modification_lremovexattr
+- audit_rules_file_deletion_events_rmdir
+- file_owner_cron_monthly
 - package_dhcp_removed
-- dconf_gnome_disable_automount_open
-- ensure_root_password_configured
-- no_files_unowned_by_user
-- package_ftp_removed
-- package_telnet-server_removed
-- sshd_set_login_grace_time
+- sshd_set_keepalive
+- file_groupowner_etc_shadow
+- accounts_password_last_change_is_in_past
+- file_permissions_etc_issue_net
+- file_at_deny_not_exist
+- aide_build_database
+- set_password_hashing_algorithm_systemauth
+- file_permissions_crontab
+- disable_host_auth
+- file_owner_cron_daily
+- package_logrotate_installed
+- postfix_network_listening_disabled
+- gnome_gdm_disable_automatic_login
+- file_owner_etc_group
+- package_rsh-server_removed
+- file_owner_backup_etc_passwd
+- service_firewalld_enabled
+- audit_rules_dac_modification_chown
+- accounts_password_pam_pwhistory_remember_system_auth
+- package_net-snmp_removed
+- sshd_limit_user_access
+- audit_sudo_log_events
+- network_sniffer_disabled
+- sshd_set_max_auth_tries
+- sshd_set_maxstartups
+- file_groupowner_cron_hourly
 - audit_rules_usergroup_modification_opasswd
-- sysctl_net_ipv4_conf_all_secure_redirects
-- set_password_hashing_algorithm_libuserconf
-- file_permissions_cron_hourly
-- file_owner_backup_etc_shadow
-- audit_rules_time_settimeofday
-- kernel_module_sctp_disabled
 - var_multiple_time_servers=generic
 - var_auditd_admin_space_left_action=single
 - var_auditd_space_left=100MB
@@ -313,5 +314,4 @@ filter_rules: ''
 policies:
 - pcidss_4
 title: PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 7
-definition_location: /home/jcerny/work/git/content/products/rhel7/profiles/pci-dss.profile
 documentation_complete: true
diff --git a/tests/data/profile_stability/rhel8/pci-dss.profile b/tests/data/profile_stability/rhel8/pci-dss.profile
index 45038c76ea7..0a47f35b4f9 100644
--- a/tests/data/profile_stability/rhel8/pci-dss.profile
+++ b/tests/data/profile_stability/rhel8/pci-dss.profile
@@ -11,6 +11,7 @@ description: 'Payment Card Industry - Data Security Standard (PCI-DSS) is a set
 
     with PCI-DSS v4.0 requirements.'
 extends: null
+hidden: ''
 metadata:
     version: '4.0'
     SMEs:
@@ -19,261 +20,262 @@ metadata:
     - vojtapolasek
 reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
 selections:
-- file_permissions_cron_d
-- audit_rules_immutable
-- auditd_audispd_syslog_plugin_activated
-- coredump_disable_backtraces
-- file_permissions_user_cfg
-- audit_rules_login_events_lastlog
-- file_at_deny_not_exist
-- file_owner_backup_etc_passwd
-- file_owner_cron_hourly
-- file_permissions_etc_shadow
-- file_owner_grub2_cfg
-- set_firewalld_default_zone
-- accounts_passwords_pam_faillock_deny
-- audit_rules_media_export
-- dconf_gnome_screensaver_lock_delay
-- file_owner_cron_d
-- file_groupowner_backup_etc_group
-- file_permissions_grub2_cfg
-- audit_rules_usergroup_modification_passwd
-- no_files_unowned_by_user
-- audit_rules_dac_modification_lremovexattr
-- audit_rules_suid_privilege_function
-- package_xinetd_removed
-- selinux_policytype
-- sshd_disable_root_login
-- file_groupowner_user_cfg
-- sshd_disable_empty_passwords
-- accounts_password_pam_unix_remember
-- accounts_no_uid_except_zero
-- file_owner_cron_daily
-- sshd_disable_rhosts
-- accounts_tmout
-- file_groupowner_cron_hourly
-- sshd_set_maxstartups
-- selinux_confinement_of_daemons
-- sysctl_net_ipv4_conf_default_send_redirects
-- audit_rules_time_clock_settime
-- package_dhcp_removed
-- file_permissions_etc_passwd
-- sysctl_net_ipv6_conf_default_accept_source_route
-- file_permissions_sshd_private_key
-- file_permissions_cron_allow
-- audit_rules_dac_modification_fsetxattr
-- auditd_data_retention_space_left_action
-- enable_authselect
-- sysctl_net_ipv4_conf_all_rp_filter
-- sshd_use_approved_macs
-- gnome_gdm_disable_automatic_login
-- sysctl_net_ipv4_conf_default_accept_redirects
-- file_groupowner_crontab
-- file_permissions_sshd_pub_key
-- audit_rules_time_stime
-- grub2_audit_argument
+- directory_access_var_log_audit
 - audit_rules_login_events_faillock
+- account_disable_post_pw_expiration
 - auditd_data_retention_space_left
-- file_owner_user_cfg
-- kernel_module_dccp_disabled
-- sshd_enable_pam
-- audit_rules_networkconfig_modification
-- set_ip6tables_default_rule
-- sysctl_net_ipv4_icmp_ignore_bogus_error_responses
-- package_ypserv_removed
-- coredump_disable_storage
-- dconf_gnome_screensaver_lock_enabled
-- disable_host_auth
-- audit_rules_dac_modification_fchownat
-- file_permissions_etc_group
-- file_permissions_unauthorized_world_writable
-- bios_enable_execution_restrictions
-- sudo_custom_logfile
-- file_permissions_cron_weekly
+- audit_rules_file_deletion_events_rmdir
 - audit_sudo_log_events
-- aide_build_database
-- network_sniffer_disabled
-- package_nftables_installed
-- rsyslog_files_permissions
-- sshd_set_login_grace_time
-- audit_rules_usergroup_modification_shadow
-- file_permissions_at_allow
-- audit_rules_file_deletion_events_renameat
-- accounts_password_pam_pwhistory_remember_password_auth
-- audit_rules_dac_modification_fchmodat
-- file_permissions_backup_etc_shadow
+- audit_rules_dac_modification_chmod
+- sshd_set_idle_timeout
+- sshd_use_strong_kex
+- file_groupowner_backup_etc_passwd
+- file_groupowner_cron_daily
+- file_permissions_ungroupowned
+- sshd_set_maxstartups
+- grub2_audit_argument
+- file_groupowner_backup_etc_shadow
 - aide_periodic_cron_checking
+- package_ypserv_removed
 - package_sudo_installed
-- file_group_ownership_var_log_audit
-- service_rpcbind_disabled
-- service_auditd_enabled
-- audit_rules_usergroup_modification_group
-- set_password_hashing_algorithm_libuserconf
-- dconf_gnome_screensaver_idle_delay
-- audit_rules_dac_modification_chown
+- dconf_db_up_to_date
 - accounts_maximum_age_login_defs
-- account_disable_post_pw_expiration
-- file_owner_etc_shadow
-- account_unique_name
-- directory_access_var_log_audit
-- file_owner_cron_weekly
-- file_groupowner_cron_weekly
-- no_direct_root_logins
 - security_patches_up_to_date
-- file_groupowner_grub2_cfg
-- audit_rules_file_deletion_events_rename
-- audit_rules_file_deletion_events_rmdir
-- accounts_password_pam_lcredit
+- set_password_hashing_algorithm_libuserconf
+- file_owner_etc_passwd
+- sshd_do_not_permit_user_env
+- sshd_use_approved_macs
+- file_permissions_etc_group
+- group_unique_id
+- file_owner_cron_monthly
+- audit_rules_dac_modification_fchownat
+- file_groupowner_cron_allow
+- service_nftables_disabled
 - file_groupowner_cron_d
-- audit_rules_file_deletion_events_unlinkat
-- file_groupowner_etc_shadow
-- file_permissions_var_log_audit
-- package_logrotate_installed
-- file_owner_backup_etc_shadow
-- file_ownership_var_log_audit
-- display_login_attempts
+- rpm_verify_hashes
+- accounts_passwords_pam_faillock_deny
 - sshd_limit_user_access
-- no_shelllogin_for_systemaccounts
-- accounts_password_set_max_life_existing
-- package_ypbind_removed
-- file_owner_backup_etc_group
-- package_telnet-server_removed
-- package_chrony_installed
+- audit_rules_time_stime
+- package_aide_installed
+- accounts_password_pam_unix_remember
+- audit_rules_usergroup_modification_opasswd
 - package_tftp_removed
-- sysctl_net_ipv4_conf_all_secure_redirects
-- service_nftables_disabled
+- accounts_root_gid_zero
 - sysctl_net_ipv4_ip_forward
-- kernel_module_sctp_disabled
-- audit_rules_time_adjtimex
-- package_aide_installed
-- file_groupowner_etc_issue_net
-- configure_firewalld_ports
-- audit_rules_dac_modification_lsetxattr
-- chronyd_run_as_chrony_user
-- ensure_gpgcheck_never_disabled
+- auditd_data_retention_space_left_action
+- file_cron_deny_not_exist
+- service_rsyncd_disabled
+- dconf_gnome_disable_automount_open
+- wireless_disable_interfaces
+- audit_rules_dac_modification_lchown
+- dconf_gnome_screensaver_idle_activation_enabled
+- file_permissions_cron_monthly
+- audit_rules_session_events
+- file_permissions_cron_daily
+- sysctl_net_ipv4_conf_default_send_redirects
 - file_owner_crontab
-- file_permissions_backup_etc_passwd
-- audit_rules_dac_modification_fremovexattr
-- file_owner_etc_group
-- sshd_set_idle_timeout
-- configure_ssh_crypto_policy
+- file_permissions_cron_allow
 - no_password_auth_for_systemaccounts
-- file_owner_cron_monthly
+- audit_rules_dac_modification_lremovexattr
+- file_permissions_backup_etc_shadow
+- audit_rules_suid_privilege_function
+- file_permissions_grub2_cfg
+- selinux_confinement_of_daemons
+- package_tftp-server_removed
+- file_owner_etc_group
 - set_password_hashing_algorithm_logindefs
-- ensure_gpgcheck_globally_activated
-- audit_rules_dac_modification_removexattr
-- file_groupowner_backup_etc_passwd
-- sshd_disable_x11_forwarding
+- sudo_require_reauthentication
+- file_owner_backup_etc_passwd
+- package_telnet-server_removed
+- securetty_root_login_console_only
+- bios_enable_execution_restrictions
+- file_owner_cron_daily
+- service_firewalld_enabled
+- use_pam_wheel_group_for_su
+- accounts_password_pam_minlen
+- chronyd_run_as_chrony_user
+- file_group_ownership_var_log_audit
+- file_ownership_var_log_audit
+- file_permissions_at_allow
+- package_dhcp_removed
+- auditd_name_format
 - kernel_module_usb-storage_disabled
-- audit_rules_usergroup_modification_gshadow
-- audit_rules_mac_modification
-- ensure_redhat_gpgkey_installed
-- file_groupowner_backup_etc_shadow
-- firewalld_loopback_traffic_trusted
+- rsyslog_files_groupownership
+- disable_host_auth
+- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+- audit_rules_immutable
+- file_permissions_backup_etc_passwd
+- audit_rules_time_clock_settime
+- accounts_password_warn_age_login_defs
+- file_permissions_cron_hourly
+- sysctl_kernel_core_pattern
+- audit_rules_networkconfig_modification
+- rsyslog_files_ownership
+- audit_rules_usergroup_modification_passwd
+- network_sniffer_disabled
+- audit_rules_usergroup_modification_shadow
+- file_groupowner_backup_etc_group
+- sshd_set_max_sessions
+- no_files_unowned_by_user
+- file_groupowner_cron_hourly
+- file_permissions_etc_issue_net
+- file_groupowner_crontab
+- configure_crypto_policy
+- sudo_add_use_pty
+- set_firewalld_default_zone
+- sudo_custom_logfile
 - grub2_audit_backlog_limit_argument
-- sshd_use_strong_kex
-- accounts_password_all_shadowed
-- sshd_set_max_auth_tries
-- audit_rules_session_events
+- grub2_enable_selinux
+- accounts_password_pam_pwhistory_remember_password_auth
+- file_groupowner_grub2_cfg
+- package_ypbind_removed
+- file_owner_cron_weekly
+- audit_rules_time_adjtimex
+- ensure_gpgcheck_globally_activated
 - ensure_pam_wheel_group_empty
-- sysctl_net_ipv4_tcp_syncookies
+- network_nmcli_permissions
+- package_net-snmp_removed
+- sysctl_net_ipv4_conf_all_secure_redirects
+- sshd_disable_root_login
+- ensure_redhat_gpgkey_installed
+- service_avahi-daemon_disabled
+- no_shelllogin_for_systemaccounts
+- auditd_data_retention_admin_space_left_action
+- install_PAE_kernel_on_x86-32
+- package_audispd-plugins_installed
+- package_chrony_installed
+- account_unique_id
+- dconf_gnome_screensaver_mode_blank
+- audit_rules_dac_modification_fchown
+- sshd_disable_empty_passwords
+- sysctl_net_ipv4_conf_all_rp_filter
+- package_telnet_removed
+- file_permissions_var_log_audit
+- package_ftp_removed
+- no_empty_passwords
+- file_permissions_cron_weekly
+- file_permissions_user_cfg
+- package_firewalld_installed
+- package_nftables_installed
+- audit_rules_login_events_tallylog
+- gid_passwd_group_same
+- audit_rules_dac_modification_removexattr
+- service_auditd_enabled
+- ensure_root_password_configured
+- audit_rules_dac_modification_chown
+- ensure_gpgcheck_never_disabled
+- audit_rules_dac_modification_fremovexattr
+- file_owner_grub2_cfg
+- file_permissions_cron_d
+- accounts_password_set_max_life_existing
+- enable_authselect
+- group_unique_name
+- service_chronyd_or_ntpd_enabled
+- selinux_policytype
+- file_permissions_sshd_pub_key
+- aide_build_database
+- file_permissions_etc_shadow
+- audit_rules_dac_modification_fsetxattr
+- selinux_state
+- dconf_gnome_session_idle_user_locks
+- audit_rules_time_settimeofday
 - audit_rules_time_watch_localtime
-- file_owner_cron_allow
-- configure_crypto_policy
+- gnome_gdm_disable_guest_login
+- file_groupowner_etc_passwd
+- audit_rules_dac_modification_fchmod
+- file_groupowner_cron_monthly
+- account_unique_name
+- audit_rules_sysadmin_actions
+- sysctl_net_ipv6_conf_default_accept_source_route
+- package_logrotate_installed
+- sysctl_kernel_randomize_va_space
+- no_empty_passwords_etc_shadow
+- dconf_gnome_screensaver_lock_delay
+- service_rpcbind_disabled
+- file_groupowner_etc_group
+- sshd_disable_rhosts
+- file_permissions_sshd_config
 - sshd_disable_tcp_forwarding
-- audit_rules_dac_modification_fchown
-- dconf_db_up_to_date
-- package_tftp-server_removed
-- audit_rules_dac_modification_lchown
-- firewalld_loopback_traffic_restricted
+- dconf_gnome_screensaver_idle_delay
+- dconf_gnome_disable_automount
+- package_xinetd_removed
+- sysctl_net_ipv4_conf_all_send_redirects
+- sysctl_fs_suid_dumpable
+- accounts_passwords_pam_faillock_unlock_time
+- configure_ssh_crypto_policy
+- file_owner_cron_allow
+- file_owner_cron_d
+- set_ip6tables_default_rule
 - sudo_require_authentication
-- package_libselinux_installed
-- use_pam_wheel_group_for_su
-- wireless_disable_interfaces
+- sshd_set_keepalive
+- firewalld_loopback_traffic_trusted
+- sshd_use_approved_ciphers
+- kernel_module_dccp_disabled
+- accounts_set_post_pw_existing
+- audit_rules_file_deletion_events_rename
 - file_permissions_backup_etc_group
+- file_permissions_crontab
+- audit_rules_mac_modification
+- file_groupowner_at_allow
+- firewalld_loopback_traffic_restricted
+- file_permissions_etc_passwd
+- audit_rules_usergroup_modification_group
+- audit_rules_dac_modification_setxattr
+- file_owner_etc_shadow
 - package_audit_installed
-- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+- audit_rules_login_events_lastlog
+- no_direct_root_logins
+- display_login_attempts
+- audit_rules_usergroup_modification_gshadow
+- sshd_set_login_grace_time
+- audit_rules_media_export
+- file_permissions_sshd_private_key
+- audit_rules_dac_modification_fchmodat
+- sysctl_net_ipv4_tcp_syncookies
+- package_libselinux_installed
+- kernel_module_sctp_disabled
+- accounts_password_all_shadowed
+- file_groupowner_etc_issue_net
+- rpm_verify_ownership
+- accounts_password_pam_pwhistory_remember_system_auth
+- accounts_password_pam_dcredit
+- file_groupowner_user_cfg
+- accounts_no_uid_except_zero
+- sysctl_net_ipv4_conf_default_accept_redirects
+- accounts_tmout
 - accounts_password_set_warn_age_existing
-- account_unique_id
-- file_cron_deny_not_exist
-- file_permissions_cron_daily
-- rsyslog_files_groupownership
+- postfix_network_listening_disabled
+- accounts_password_last_change_is_in_past
+- coredump_disable_storage
+- gnome_gdm_disable_automatic_login
 - disable_users_coredumps
-- sudo_require_reauthentication
-- accounts_password_pam_minlen
-- sysctl_fs_suid_dumpable
-- package_audispd-plugins_installed
-- accounts_passwords_pam_faillock_unlock_time
-- audit_rules_dac_modification_fchmod
 - audit_rules_file_deletion_events_unlink
-- dconf_gnome_screensaver_mode_blank
-- service_avahi-daemon_disabled
-- sshd_do_not_permit_user_env
-- dir_perms_world_writable_sticky_bits
 - set_password_hashing_algorithm_systemauth
-- rsyslog_files_ownership
-- postfix_network_listening_disabled
-- service_firewalld_enabled
-- audit_rules_dac_modification_chmod
-- accounts_password_pam_pwhistory_remember_system_auth
-- file_groupowner_etc_passwd
-- no_empty_passwords
-- file_permissions_ungroupowned
-- auditd_name_format
-- install_PAE_kernel_on_x86-32
-- accounts_password_warn_age_login_defs
-- ensure_root_password_configured
-- selinux_state
-- file_groupowner_cron_allow
-- sshd_use_approved_ciphers
-- audit_rules_login_events_tallylog
-- network_nmcli_permissions
+- dir_perms_world_writable_sticky_bits
+- file_at_deny_not_exist
 - sshd_set_loglevel_verbose
-- gnome_gdm_disable_guest_login
-- group_unique_name
-- sysctl_kernel_core_pattern
-- sshd_set_keepalive
-- file_permissions_cron_monthly
-- dconf_gnome_disable_automount_open
-- dconf_gnome_disable_automount
+- coredump_disable_backtraces
+- audit_rules_file_deletion_events_renameat
+- audit_rules_dac_modification_lsetxattr
+- auditd_audispd_syslog_plugin_activated
+- sshd_disable_x11_forwarding
+- sshd_enable_pam
+- file_owner_backup_etc_group
+- file_owner_backup_etc_shadow
+- file_permissions_unauthorized_world_writable
+- configure_firewalld_ports
+- accounts_password_pam_lcredit
+- file_groupowner_cron_weekly
+- file_owner_cron_hourly
+- sshd_set_max_auth_tries
 - chronyd_specify_remote_server
-- file_groupowner_etc_group
-- file_groupowner_cron_daily
-- dconf_gnome_screensaver_idle_activation_enabled
-- file_owner_etc_passwd
-- package_ftp_removed
-- audit_rules_sysadmin_actions
-- file_groupowner_cron_monthly
-- file_permissions_sshd_config
-- audit_rules_time_settimeofday
-- securetty_root_login_console_only
-- file_permissions_etc_issue_net
-- accounts_password_last_change_is_in_past
-- gid_passwd_group_same
-- rpm_verify_ownership
-- accounts_password_pam_dcredit
-- service_rsyncd_disabled
-- accounts_root_gid_zero
-- grub2_enable_selinux
-- package_net-snmp_removed
-- sshd_set_max_sessions
-- sudo_add_use_pty
-- file_groupowner_at_allow
-- group_unique_id
-- package_telnet_removed
-- audit_rules_dac_modification_setxattr
-- no_empty_passwords_etc_shadow
+- file_groupowner_etc_shadow
 - file_owner_etc_issue_net
-- accounts_set_post_pw_existing
-- sysctl_net_ipv4_conf_all_send_redirects
-- rpm_verify_hashes
-- audit_rules_usergroup_modification_opasswd
-- dconf_gnome_session_idle_user_locks
-- file_permissions_crontab
-- auditd_data_retention_admin_space_left_action
-- file_permissions_cron_hourly
-- service_chronyd_or_ntpd_enabled
-- sysctl_kernel_randomize_va_space
+- rsyslog_files_permissions
+- audit_rules_file_deletion_events_unlinkat
+- file_owner_user_cfg
+- sysctl_net_ipv4_icmp_ignore_bogus_error_responses
+- dconf_gnome_screensaver_lock_enabled
 - var_multiple_time_servers=generic
 - var_auditd_admin_space_left_action=single
 - var_auditd_space_left=100MB
@@ -310,5 +312,4 @@ filter_rules: ''
 policies:
 - pcidss_4
 title: PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 8
-definition_location: /home/mburket/Developer/ComplianceAsCode/content/products/rhel8/profiles/pci-dss.profile
 documentation_complete: true
diff --git a/tests/data/profile_stability/rhel9/pci-dss.profile b/tests/data/profile_stability/rhel9/pci-dss.profile
index 9106e5801b7..0b81f0c2f77 100644
--- a/tests/data/profile_stability/rhel9/pci-dss.profile
+++ b/tests/data/profile_stability/rhel9/pci-dss.profile
@@ -20,253 +20,254 @@ metadata:
     - vojtapolasek
 reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
 selections:
-- coredump_disable_storage
-- accounts_passwords_pam_faillock_unlock_time
-- audit_rules_session_events
-- firewalld_loopback_traffic_restricted
-- set_password_hashing_algorithm_libuserconf
-- audit_rules_login_events_lastlog
-- directory_access_var_log_audit
-- file_owner_grub2_cfg
-- no_shelllogin_for_systemaccounts
+- audit_rules_dac_modification_fchown
+- audit_rules_media_export
+- audit_rules_usergroup_modification_shadow
+- file_at_deny_not_exist
+- package_libselinux_installed
+- package_tftp_removed
+- sshd_disable_empty_passwords
 - file_owner_cron_allow
 - dconf_gnome_screensaver_idle_delay
-- ensure_root_password_configured
-- file_owner_cron_daily
-- file_owner_backup_etc_shadow
-- service_avahi-daemon_disabled
-- package_audispd-plugins_installed
-- sshd_set_login_grace_time
+- audit_rules_dac_modification_fsetxattr
+- accounts_password_pam_dcredit
+- file_groupowner_cron_allow
+- ensure_gpgcheck_never_disabled
+- audit_rules_file_deletion_events_unlink
 - file_owner_cron_hourly
-- audit_rules_dac_modification_lsetxattr
-- file_groupowner_cron_d
-- package_logrotate_installed
-- audit_rules_networkconfig_modification
-- rsyslog_files_permissions
-- dconf_gnome_disable_automount_open
-- sshd_set_loglevel_verbose
-- package_nftables_installed
-- audit_rules_time_stime
-- auditd_data_retention_space_left_action
-- bios_enable_execution_restrictions
-- audit_sudo_log_events
-- audit_rules_sysadmin_actions
-- accounts_tmout
-- file_owner_backup_etc_group
-- grub2_audit_backlog_limit_argument
-- audit_rules_file_deletion_events_unlinkat
+- audit_rules_dac_modification_removexattr
 - file_groupowner_backup_etc_shadow
-- file_permissions_cron_daily
-- file_groupowner_backup_etc_passwd
-- set_password_hashing_algorithm_systemauth
-- sshd_limit_user_access
-- sshd_set_max_sessions
-- file_permissions_crontab
+- file_groupowner_cron_daily
+- auditd_data_retention_space_left_action
+- file_permissions_backup_etc_group
 - file_permissions_at_allow
-- file_owner_etc_passwd
-- package_sudo_installed
-- file_owner_backup_etc_passwd
-- audit_rules_login_events_faillock
-- audit_rules_file_deletion_events_rename
-- file_groupowner_etc_passwd
-- file_permissions_etc_shadow
-- sudo_require_reauthentication
-- package_telnet_removed
-- file_permissions_unauthorized_world_writable
-- audit_rules_dac_modification_fchown
-- chronyd_run_as_chrony_user
-- file_at_deny_not_exist
-- file_groupowner_crontab
-- sysctl_fs_suid_dumpable
-- selinux_confinement_of_daemons
+- file_groupowner_cron_monthly
+- service_rsyncd_disabled
+- file_permissions_sshd_pub_key
+- directory_access_var_log_audit
+- file_permissions_user_cfg
+- service_rpcbind_disabled
+- accounts_tmout
+- file_owner_cron_weekly
 - security_patches_up_to_date
-- file_permissions_cron_weekly
-- file_cron_deny_not_exist
-- file_permissions_etc_group
-- accounts_password_set_max_life_existing
-- package_audit_installed
-- file_permissions_var_log_audit
+- file_permissions_backup_etc_shadow
+- selinux_confinement_of_daemons
 - accounts_no_uid_except_zero
-- disable_host_auth
-- file_permissions_ungroupowned
-- dconf_gnome_screensaver_lock_enabled
-- sshd_disable_empty_passwords
-- aide_build_database
-- file_owner_user_cfg
-- package_tftp-server_removed
+- file_permissions_backup_etc_passwd
+- grub2_enable_selinux
+- file_cron_deny_not_exist
+- securetty_root_login_console_only
 - dconf_gnome_screensaver_mode_blank
-- audit_rules_file_deletion_events_renameat
-- accounts_password_all_shadowed
-- audit_rules_mac_modification
-- account_unique_id
-- accounts_set_post_pw_existing
-- audit_rules_login_events_tallylog
-- file_ownership_var_log_audit
-- file_permissions_cron_d
-- disable_users_coredumps
+- file_permissions_var_log_audit
+- chronyd_specify_remote_server
+- file_groupowner_etc_passwd
+- accounts_password_pam_lcredit
 - file_groupowner_cron_hourly
+- use_pam_wheel_group_for_su
+- no_files_unowned_by_user
+- set_ip6tables_default_rule
+- audit_rules_usergroup_modification_opasswd
+- file_groupowner_user_cfg
+- file_owner_crontab
+- dconf_gnome_disable_automount_open
+- sshd_limit_user_access
+- chronyd_run_as_chrony_user
+- file_owner_cron_monthly
+- rsyslog_files_groupownership
+- audit_rules_usergroup_modification_gshadow
+- aide_periodic_cron_checking
+- audit_rules_networkconfig_modification
+- audit_rules_file_deletion_events_unlinkat
+- sshd_disable_root_login
+- accounts_password_pam_pwhistory_remember_password_auth
+- sysctl_net_ipv4_conf_all_send_redirects
+- file_groupowner_etc_group
+- ensure_root_password_configured
+- selinux_policytype
+- file_owner_etc_shadow
+- audit_rules_login_events_tallylog
+- file_permissions_cron_allow
+- account_unique_name
+- sshd_do_not_permit_user_env
+- file_owner_cron_daily
+- gid_passwd_group_same
+- file_groupowner_backup_etc_group
 - dconf_db_up_to_date
+- kernel_module_usb-storage_disabled
+- accounts_passwords_pam_faillock_unlock_time
+- package_ftp_removed
+- accounts_maximum_age_login_defs
+- audit_rules_time_stime
+- dconf_gnome_screensaver_lock_enabled
+- accounts_password_pam_unix_remember
 - sysctl_net_ipv4_ip_forward
-- file_owner_cron_monthly
-- set_password_hashing_algorithm_logindefs
+- ensure_pam_wheel_group_empty
+- wireless_disable_interfaces
+- audit_rules_file_deletion_events_rmdir
+- audit_rules_time_settimeofday
+- file_group_ownership_var_log_audit
 - audit_rules_usergroup_modification_passwd
-- no_password_auth_for_systemaccounts
-- sshd_set_maxstartups
-- dconf_gnome_screensaver_idle_activation_enabled
-- file_groupowner_cron_allow
-- sudo_add_use_pty
-- accounts_maximum_age_login_defs
-- configure_firewalld_ports
+- accounts_password_set_warn_age_existing
+- auditd_data_retention_admin_space_left_action
+- audit_rules_sysadmin_actions
 - service_firewalld_enabled
-- audit_rules_dac_modification_lchown
-- ensure_redhat_gpgkey_installed
-- file_owner_etc_group
-- accounts_password_pam_pwhistory_remember_password_auth
+- network_sniffer_disabled
+- sudo_require_reauthentication
+- file_groupowner_etc_shadow
+- set_password_hashing_algorithm_libuserconf
+- accounts_passwords_pam_faillock_deny
+- file_owner_etc_passwd
+- auditd_name_format
+- accounts_password_set_max_life_existing
+- accounts_set_post_pw_existing
+- file_groupowner_crontab
+- audit_sudo_log_events
+- package_nftables_installed
+- set_password_hashing_algorithm_systemauth
+- sshd_disable_tcp_forwarding
 - display_login_attempts
+- file_owner_etc_group
+- enable_authselect
 - group_unique_id
-- kernel_module_sctp_disabled
-- selinux_policytype
-- file_groupowner_user_cfg
+- disable_users_coredumps
+- firewalld_loopback_traffic_trusted
+- sudo_custom_logfile
+- audit_rules_usergroup_modification_group
+- file_owner_backup_etc_passwd
+- package_audispd-plugins_installed
+- sysctl_net_ipv4_conf_default_send_redirects
+- firewalld_loopback_traffic_restricted
+- sysctl_net_ipv4_conf_all_secure_redirects
+- audit_rules_dac_modification_lsetxattr
+- no_empty_passwords_etc_shadow
+- audit_rules_mac_modification
 - dconf_gnome_disable_automount
-- timer_logrotate_enabled
-- file_groupowner_cron_weekly
+- sshd_set_login_grace_time
+- audit_rules_dac_modification_chown
+- grub2_audit_backlog_limit_argument
+- file_owner_backup_etc_group
+- sysctl_net_ipv6_conf_default_accept_source_route
+- accounts_password_pam_minlen
+- auditd_data_retention_space_left
+- package_sudo_installed
+- sshd_set_maxstartups
+- audit_rules_login_events_lastlog
+- grub2_audit_argument
+- sysctl_kernel_randomize_va_space
+- file_permissions_cron_weekly
+- file_owner_etc_issue_net
+- no_direct_root_logins
+- sysctl_kernel_core_pattern
+- kernel_module_sctp_disabled
+- package_firewalld_installed
+- file_permissions_etc_group
+- audit_rules_file_deletion_events_renameat
+- sshd_set_max_sessions
+- accounts_password_all_shadowed
+- file_permissions_sshd_config
+- sshd_set_loglevel_verbose
+- audit_rules_time_adjtimex
+- package_logrotate_installed
+- file_owner_user_cfg
+- package_telnet-server_removed
+- package_cryptsetup-luks_installed
+- sudo_add_use_pty
+- dconf_gnome_screensaver_idle_activation_enabled
 - package_net-snmp_removed
-- coredump_disable_backtraces
-- enable_authselect
-- auditd_data_retention_admin_space_left_action
-- file_groupowner_etc_issue_net
-- file_permissions_user_cfg
-- network_nmcli_permissions
-- sysctl_net_ipv4_conf_all_send_redirects
-- gnome_gdm_disable_automatic_login
+- file_ownership_var_log_audit
+- service_avahi-daemon_disabled
+- sysctl_net_ipv4_conf_all_rp_filter
+- audit_rules_dac_modification_fremovexattr
+- file_permissions_etc_passwd
+- rpm_verify_hashes
+- aide_build_database
+- file_groupowner_cron_d
+- audit_rules_immutable
+- sysctl_net_ipv4_icmp_ignore_bogus_error_responses
+- ensure_redhat_gpgkey_installed
 - rpm_verify_ownership
-- configure_ssh_crypto_policy
+- service_nftables_disabled
+- no_shelllogin_for_systemaccounts
 - dconf_gnome_screensaver_lock_delay
-- audit_rules_usergroup_modification_shadow
-- file_permissions_etc_passwd
-- ensure_pam_wheel_group_empty
-- file_permissions_backup_etc_shadow
-- kernel_module_dccp_disabled
-- file_owner_crontab
-- sudo_custom_logfile
-- sshd_disable_tcp_forwarding
-- sshd_disable_x11_forwarding
-- ensure_gpgcheck_never_disabled
+- accounts_root_gid_zero
+- coredump_disable_backtraces
+- sysctl_net_ipv4_conf_default_accept_redirects
+- configure_ssh_crypto_policy
 - audit_rules_dac_modification_fchmod
-- file_owner_etc_issue_net
-- account_disable_post_pw_expiration
-- accounts_password_pam_lcredit
+- file_groupowner_cron_weekly
+- sshd_set_max_auth_tries
+- account_unique_id
+- file_owner_backup_etc_shadow
+- file_permissions_sshd_private_key
+- set_password_hashing_algorithm_logindefs
+- file_owner_cron_d
+- service_auditd_enabled
 - sshd_enable_pam
-- audit_rules_file_deletion_events_unlink
-- set_firewalld_default_zone
-- sshd_set_keepalive
 - sysctl_net_ipv4_tcp_syncookies
-- postfix_network_listening_disabled
-- rsyslog_files_groupownership
-- selinux_state
-- no_direct_root_logins
-- service_auditd_enabled
-- file_permissions_grub2_cfg
-- audit_rules_time_watch_localtime
-- file_permissions_sshd_private_key
-- accounts_password_pam_unix_remember
-- audit_rules_time_adjtimex
+- package_dhcp_removed
+- audit_rules_session_events
+- coredump_disable_storage
 - no_empty_passwords
-- package_cryptsetup-luks_installed
-- grub2_enable_selinux
-- file_permissions_sshd_pub_key
-- service_nftables_disabled
-- accounts_password_pam_minlen
-- file_permissions_cron_allow
-- audit_rules_dac_modification_fchmodat
-- use_pam_wheel_group_for_su
-- grub2_audit_argument
-- sysctl_net_ipv4_conf_all_secure_redirects
-- auditd_audispd_syslog_plugin_activated
-- file_owner_cron_d
+- package_audit_installed
+- accounts_password_last_change_is_in_past
+- timer_logrotate_enabled
 - accounts_password_pam_pwhistory_remember_system_auth
-- audit_rules_time_clock_settime
-- file_permissions_etc_issue_net
-- dir_perms_world_writable_sticky_bits
-- service_rsyncd_disabled
-- auditd_data_retention_space_left
-- sysctl_kernel_randomize_va_space
-- sysctl_net_ipv4_conf_all_rp_filter
-- sshd_set_max_auth_tries
-- audit_rules_dac_modification_chmod
-- sysctl_net_ipv4_conf_default_accept_redirects
-- package_telnet-server_removed
-- audit_rules_suid_privilege_function
-- audit_rules_time_settimeofday
-- sshd_disable_root_login
-- sysctl_net_ipv6_conf_default_accept_source_route
-- audit_rules_usergroup_modification_group
-- audit_rules_dac_modification_fsetxattr
-- file_permissions_backup_etc_passwd
-- audit_rules_dac_modification_removexattr
-- file_permissions_sshd_config
-- file_group_ownership_var_log_audit
-- audit_rules_dac_modification_setxattr
-- audit_rules_immutable
-- package_tftp_removed
-- network_sniffer_disabled
-- auditd_name_format
-- no_empty_passwords_etc_shadow
-- package_dhcp_removed
-- audit_rules_dac_modification_lremovexattr
-- file_groupowner_at_allow
-- package_aide_installed
-- audit_rules_media_export
-- rpm_verify_hashes
 - file_permissions_cron_monthly
-- package_ftp_removed
-- securetty_root_login_console_only
+- package_chrony_installed
+- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+- audit_rules_dac_modification_lremovexattr
+- audit_rules_dac_modification_lchown
+- audit_rules_dac_modification_chmod
+- dconf_gnome_session_idle_user_locks
+- auditd_audispd_syslog_plugin_activated
+- gnome_gdm_disable_automatic_login
 - rsyslog_files_ownership
-- accounts_password_last_change_is_in_past
+- accounts_password_warn_age_login_defs
 - sshd_disable_rhosts
-- chronyd_specify_remote_server
-- file_groupowner_etc_group
-- file_groupowner_backup_etc_group
-- sysctl_net_ipv4_conf_default_send_redirects
-- file_permissions_backup_etc_group
+- package_tftp-server_removed
+- kernel_module_dccp_disabled
+- disable_host_auth
+- account_disable_post_pw_expiration
+- no_password_auth_for_systemaccounts
+- file_groupowner_at_allow
+- file_groupowner_backup_etc_passwd
+- file_permissions_unauthorized_world_writable
+- configure_firewalld_ports
 - audit_rules_dac_modification_fchownat
-- file_groupowner_grub2_cfg
-- kernel_module_usb-storage_disabled
-- package_libselinux_installed
-- accounts_password_pam_dcredit
-- service_rpcbind_disabled
-- audit_rules_file_deletion_events_rmdir
-- sysctl_net_ipv4_icmp_ignore_bogus_error_responses
-- file_owner_cron_weekly
-- audit_rules_usergroup_modification_gshadow
-- gid_passwd_group_same
-- package_chrony_installed
-- sshd_do_not_permit_user_env
-- dconf_gnome_session_idle_user_locks
-- sudo_require_authentication
-- accounts_passwords_pam_faillock_deny
-- file_groupowner_cron_daily
-- file_owner_etc_shadow
-- account_unique_name
+- file_groupowner_etc_issue_net
+- audit_rules_file_deletion_events_rename
+- sysctl_fs_suid_dumpable
+- audit_rules_dac_modification_fchmodat
+- sshd_disable_x11_forwarding
+- bios_enable_execution_restrictions
+- configure_crypto_policy
+- file_permissions_grub2_cfg
 - sshd_set_idle_timeout
-- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
-- no_files_unowned_by_user
-- sysctl_kernel_core_pattern
-- file_groupowner_cron_monthly
-- audit_rules_dac_modification_chown
-- set_ip6tables_default_rule
-- audit_rules_dac_modification_fremovexattr
 - ensure_gpgcheck_globally_activated
-- firewalld_loopback_traffic_trusted
-- configure_crypto_policy
-- wireless_disable_interfaces
-- accounts_root_gid_zero
-- accounts_password_warn_age_login_defs
-- accounts_password_set_warn_age_existing
-- aide_periodic_cron_checking
-- file_groupowner_etc_shadow
-- audit_rules_usergroup_modification_opasswd
 - file_permissions_cron_hourly
+- selinux_state
+- file_permissions_crontab
+- file_permissions_ungroupowned
+- rsyslog_files_permissions
+- sudo_require_authentication
+- postfix_network_listening_disabled
+- audit_rules_login_events_faillock
+- dir_perms_world_writable_sticky_bits
+- file_owner_grub2_cfg
+- audit_rules_time_clock_settime
+- file_permissions_cron_d
+- audit_rules_dac_modification_setxattr
+- audit_rules_suid_privilege_function
+- package_aide_installed
+- file_permissions_etc_issue_net
+- file_permissions_cron_daily
+- sshd_set_keepalive
+- file_permissions_etc_shadow
+- package_telnet_removed
+- set_firewalld_default_zone
+- file_groupowner_grub2_cfg
+- network_nmcli_permissions
+- audit_rules_time_watch_localtime
 - var_multiple_time_servers=generic
 - var_auditd_admin_space_left_action=single
 - var_auditd_space_left=100MB
@@ -303,5 +304,4 @@ filter_rules: ''
 policies:
 - pcidss_4
 title: PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 9
-definition_location: /home/jcerny/work/git/content/products/rhel9/profiles/pci-dss.profile
 documentation_complete: true