Merge remote-tracking branch 'origin/4.16.0' into dev

CHANGELOG.md

@@ -2,6 +2,17 @@
 
 ## [Unreleased]
 
+## [4.16.0] - 2023-03-16
+
+* Update PowerSTIG to Parse/Apply Red Hat Enterprise Linux 7 STIG V3R10: [#1193](https://github.com/microsoft/PowerStig/issues/1193)
+* Update PowerSTIG to Parse/Apply CAN_Ubuntu_18-04_LTS_V2R10_STIG: [#1191](https://github.com/microsoft/PowerStig/issues/1191)
+* Update PowerSTIG to Parse/Apply Microsoft IIS 10.0 STIG V2R8: [#1196](https://github.com/microsoft/PowerStig/issues/1196)
+* Update PowerSTIG to Parse/Apply Google Chrome V2R8 [#1192](https://github.com/microsoft/PowerStig/issues/1192)
+* Update PowerSTIG to Parse/Apply Microsoft IIS 8.5 Site V2R7 & Server STIG V2R5 [#1195](https://github.com/microsoft/PowerStig/issues/1195)
+* Update PowerSTIG to Parse/Apply Microsoft Office 365 ProPlus V2R8 #1194: [#1194](https://github.com/microsoft/PowerStig/issues/1194)
+* Update PowerSTIG to Parse/Apply Microsoft Windows Server 2022 V1R1 STIG - Ver 1, Rel 1: [#1190](https://github.com/microsoft/PowerStig/issues/1190)
+* Update Readme to reflect all covered technologies [#1184](https://github.com/microsoft/PowerStig/issues/1184)
+
 ## [4.15.0] - 2022-12-29
 
 * Update PowerSTIG to Parse/Apply Canonical Ubuntu 18.04 LTS STIG - Ver 2, Rel 9: [#1164](https://github.com/microsoft/PowerStig/issues/1164)

FILEHASH.md

@@ -1,156 +1,160 @@
-# PowerSTIG File Hashes : Module Version 4.15.0
-
-Hashes for **PowerSTIG** files are listed in the following table:
-
-| File | SHA256 Hash | Size (bytes) |
+# PowerSTIG File Hashes : Module Version 4.16.0
+
+Hashes for **PowerSTIG** files are listed in the following table:
+
+| File | SHA256 Hash | Size (bytes) |
 | :---- | ---- | ---: |
-| Adobe-AcrobatPro-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
-| Adobe-AcrobatPro-2.1.xml | 04AB72A08B8BEAD381DE0AB0BE5AD762D1ECE5428139A7A6CE2ABD2CC8B6118B | 54113 |
-| Adobe-AcrobatReader-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 |
-| Adobe-AcrobatReader-1.6.xml | 0FEFDC7088E15320B2E94D52A718512DB3B677FB37D2AD0B00AE40E2CE89ADC1 | 54786 |
-| Adobe-AcrobatReader-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
-| Adobe-AcrobatReader-2.1.xml | D4EB78A7A898274EA19F9067236068E267387E853D4877C12E944ADD9778750F | 55467 |
-| DotNetFramework-4-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
-| DotNetFramework-4-2.1.xml | 4D6A3404C39C2846B686E97D66B78F9B1D1F921520CF1A276CF3CE39FD1F2938 | 57332 |
-| DotNetFramework-4-2.2.org.default.xml | 4A5C75A3C0B8E0252DBFDF39D2B68C4172CD36DD8C167575070005A4AE65DA1B | 297 |
-| DotNetFramework-4-2.2.xml | 8E4AB02FE2C34C76FA578CADC767F323E714C9B8DAF6373E922EDC2B93A89D6D | 57276 |
-| FireFox-All-5.1.org.default.xml | E7C6EC873CBA03D49FAC68B22CD558C1D0108B32D441BEF3C5BD48EB3B95B911 | 297 |
-| FireFox-All-5.1.xml | B285EFC9F6A51899D65DC601ACF60A351C087A9C1E6C58F8E499B86BC92F599F | 46615 |
-| FireFox-All-5.2.org.default.xml | 9B72F155F7A22AEF2201C6CE20EC05E50FEF8B9EF8DA02AB5EDF920A16B18CC2 | 297 |
-| FireFox-All-5.2.xml | D19F32C9F4AA0DD54C38CAF228CF4CC1C2C5E0CD2C5EA8C726768A0DCD8B3D44 | 46744 |
-| Google-Chrome-2.6.org.default.xml | 7C81D2916C14787A5B0009A1E9CE9C41FF5E33235B35BDDE4467104F79082215 | 990 |
-| Google-Chrome-2.6.xml | 113ACBBA58E7578BC2B550DFAF4256E0B56C441AC8CD5DC80F6C63CD36C5668F | 93353 |
-| Google-Chrome-2.7.org.default.xml | 9B1559EAC6822D505F9BCA3C91570DA4818E3D5ACC6B836E774F2CBD621EB598 | 990 |
-| Google-Chrome-2.7.xml | EFB0D58A0B2B66020695A79396039A7D93848C13F65648D3079A47749CEAC715 | 93355 |
-| IISServer-10.0-2.6.org.default.xml | 95A59D5BB86845326537CC9A82DBB798BFEC89508560D1E34449310A03210AA4 | 752 |
-| IISServer-10.0-2.6.xml | C03F56D30CFBA90C6AFAD08CB088A0D968D9DA6EB658A1A4A1243E4E2D348896 | 136405 |
-| IISServer-10.0-2.7.org.default.xml | F145355FD8DD5CBFE84E3FC76A69E4AF046D2CCCE04F498704F928503F5F5C85 | 739 |
-| IISServer-10.0-2.7.xml | 8102C44BE74D7BC1214603BC77B49890E21E3DB7EB4BEA2652817A6EEEAB218A | 135599 |
-| IISServer-8.5-2.3.org.default.xml | 5214CE6723F1FDC543275D4C6D626F9C36428CDBEBCF3952F5DDECC9EF052EC5 | 739 |
-| IISServer-8.5-2.3.xml | F31E4A7F05EB5D84260F1ED9272254D68170C6E538EEA922C57F44E2D8A98ED5 | 131783 |
+| Adobe-AcrobatPro-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
+| Adobe-AcrobatPro-2.1.xml | 014A3C048B3C3CF43597155E564EDB802182C3C14E4BE68DEF85B148071FD320 | 54732 |
+| Adobe-AcrobatReader-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 |
+| Adobe-AcrobatReader-1.6.xml | E5661CDA5DC7B532EED196E7864F70DE96144E010EC6DB5A3ABA921DBC359664 | 55466 |
+| Adobe-AcrobatReader-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
+| Adobe-AcrobatReader-2.1.xml | 9D48DF1B16B1D22B60CA4AA59B898421119E88CE0A24BB170D8FBAC1C4DD7573 | 56174 |
+| DotNetFramework-4-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
+| DotNetFramework-4-2.1.xml | D5DE0BFBE10D48D9EB1D7EDBAD55BAB654D6E7D44AC7BDFF6AA33AFB428CCD29 | 57984 |
+| DotNetFramework-4-2.2.org.default.xml | 7A8F784B74E6FA1575783B1849B258F4DD6B7CD87B165802CCA6A16839CCA5AD | 305 |
+| DotNetFramework-4-2.2.xml | 294B45354DCFFAF12E1B859C64BEB70C27DB3942E32908DF8F259EA0B6503728 | 57926 |
+| FireFox-All-5.1.org.default.xml | C945966A44DEE00C73906437983A9BE413F6012F7E796F127545317096170D61 | 305 |
+| FireFox-All-5.1.xml | 7221F60B2D2AF30F506229A4A4429F3D1BEFBE07122CA61132407F35AB0BBC7E | 47024 |
+| FireFox-All-5.2.org.default.xml | 246A15D8F07D6ABC702CEA0C105CA89F93F36BDB8702C8FF81D960BEB66B9759 | 305 |
+| FireFox-All-5.2.xml | C7A987AADBF8B82CF2C200D7412C09D2C3ED4798B1F4E3F5F99DB627155BC909 | 47155 |
+| Google-Chrome-2.7.org.default.xml | 2C72514682BD1028908E63B2F5BAC8A72D5CC35CD1C402BA48EDFC4C5545BD1C | 1009 |
+| Google-Chrome-2.7.xml | 9F538B3A661952B4FB4AA38F7CBFEDFB8157B843A2F7046CEB918243FB751363 | 94337 |
+| Google-Chrome-2.8.org.default.xml | FE3FC2904EF4CC4D17D6911070C5B6C2CE86F279E7EE7487A2DA7F83F83066D0 | 1009 |
+| Google-Chrome-2.8.xml | 09AC14A7D31C20FC91E6DD7406CF22A775CA596AE2DF850A963C915DF483C9BC | 94052 |
+| IISServer-10.0-2.7.org.default.xml | ECA311FFECCBCEADB27A2F7CF1FD88C489EDF98206D65C755FBD794437E4852A | 752 |
+| IISServer-10.0-2.7.xml | B8757CCF4C8AA892346C70DD8312C3059ACEDDA0A730D0D7FAC190796EBCBE17 | 137334 |
+| IISServer-10.0-2.8.org.default.xml | 8482D17674D96660A2E213FDDC2A93552E81C3A4D96A43F8BC6DF08342E388C9 | 752 |
+| IISServer-10.0-2.8.xml | BE89F02F51BCEC375D64FA0CC94990E4CC501B8B640A761FB2B35D7C985C77B4 | 137396 |
 | IISServer-8.5-2.4.org.default.xml | 8034D2946139C2F0A6C93192F60CCE03C7DBEBEBDFA1F2C1FB01BE9597D873BB | 752 |
 | IISServer-8.5-2.4.xml | 081C0F929BF700DD594719DE11E343660DFB906716916DFB28BCDA4F41896685 | 132589 |
+| IISServer-8.5-2.5.org.default.xml | 956622CF2F23549C3AA1660AAC823D5EF0DD73A9C193303D142FD168D4CBDEE5 | 752 |
+| IISServer-8.5-2.5.xml | 0F8D082DB66148BE08F530F523B7B2B55124F57ACF5EEB05D699151F07B71B1B | 133450 |
 | IISSite-10.0-2.6.org.default.xml | 1C1E203AB4D6971068E09CBEB35C9C39BCA13B271C9EFE4FB95BBB9DC2957F91 | 1413 |
 | IISSite-10.0-2.6.xml | 4FA0844B38F05E4BCDE6B4D01CF3A3C08DBDFDF78A33B4EED2432EE8F06F577B | 113306 |
-| IISSite-10.0-2.7.org.default.xml | 66043BE739DA43C4D041D790961D28396707A71FC0EC7DC1C2C53112AF96F13B | 1388 |
-| IISSite-10.0-2.7.xml | C60114335C33CF0A6AD3C11B837428FE920E528F0AC79AA08A608B2D6F2AA925 | 110678 |
-| IISSite-8.5-2.5.org.default.xml | 1CC2FC4D560DC20509DD735506D3A05CD7013F052BA118D250A5437BAF1A9D4B | 1882 |
-| IISSite-8.5-2.5.xml | 6C107E0B975115D4C32A7EE327ECE07A7BB52118F4BB063A3C0FF7C0D98B071D | 124809 |
+| IISSite-10.0-2.7.org.default.xml | 0DB0FE0B6B2796ED6555C4029D8571135C55E31DB080B5351C97931EF4338EA8 | 1413 |
+| IISSite-10.0-2.7.xml | A84303C30AB3BAA48CAC47B5014BB714704B1D0B480F651FC4832E14B9DF2581 | 112015 |
 | IISSite-8.5-2.6.org.default.xml | 79EF409B1998296B7187B4F9DC0DC680E7E903C4F5C6DACBA55DD7CBF65ED6AE | 1819 |
 | IISSite-8.5-2.6.xml | 6FD8BBD8AC83EE0C14C5D64ED57D00FDCA692C9523F4D5DB7DF02191A90DF5AA | 122787 |
-| InternetExplorer-11-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
-| InternetExplorer-11-2.1.xml | 8E0E2B418E99BA217D9E0A4060D62FCCF053F6E6A1C5B5EB8ABDE6477A75C2DF | 329761 |
+| IISSite-8.5-2.7.org.default.xml | 41C5060A27C20B65330926366D4EDFF5C7108538BE6F9C314F35F991B2B939DF | 1819 |
+| IISSite-8.5-2.7.xml | 95A8C6FB824718CC9A13F3AF24781DAAEBC802DE2E677BC000E3A3EC817AED24 | 123589 |
+| InternetExplorer-11-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
+| InternetExplorer-11-2.1.xml | 1CDBB4ADA92FFB610BBD57F05D7055FC108CBBCA7770473907E8024C5637234B | 331854 |
 | InternetExplorer-11-2.2.org.default.xml | CFAFCD73ED15B911604867FF6423AB21CF6F66976DA781D58C2FFC7FCA70CF60 | 299 |
 | InternetExplorer-11-2.2.xml | D1C082EEB7B774413BCDE4BA7293FEAAD291F53A5FBDBB2E649F25E8ED61150E | 334340 |
-| McAfee-8.8-VirusScan-5.16.org.default.xml | 0122D7BC3AB85E7EEC2C8A989687541AEB6A7DCC025692894EB208B9ED5EDF2B | 760 |
-| McAfee-8.8-VirusScan-5.16.xml | 5A2E6A31CA07BF76F6F3A7F77D3FC1A180128D390C70F4ECFFFA3F9B19408625 | 241862 |
+| McAfee-8.8-VirusScan-5.16.org.default.xml | 28792D63E69F797CA02CCAE52F537B1001D9069BD7DE4F5A73375424C19FE660 | 777 |
+| McAfee-8.8-VirusScan-5.16.xml | 22CAEE788CA69690819D46548D19E40163FD8EB799F8EC7FAA4E5FB714C4F445 | 244268 |
 | MS-Edge-1.5.org.default.xml | 562551BABBA8AB74289B0FF4E7C88914ED7B771D35D4FADC33305459C7C11B3C | 1057 |
 | MS-Edge-1.5.xml | AF60D4691669E4A78E7BD907D32AF6FE6168EFEC8773DC71728EBDE4DA05EB9D | 115218 |
-| MS-Edge-1.6.org.default.xml | E191F7717B75893560A6CB4C9293CA84BD279116730C6790733AD90DCA452A13 | 1040 |
-| MS-Edge-1.6.xml | 8F2B0A0066454392D766F3FB12A99880BE64967AD8A412B3E4A0169B168F662C | 114286 |
-| Office-365ProPlus-2.6.org.default.xml | 630EF8AE632A67453ACF1983C01460CFAA8140E034F121B8DD9CC2AD828D8AFA | 2401 |
-| Office-365ProPlus-2.6.xml | 9EECC40ACC3387E33CE35251763D47FEF89D15F9594684857A0FA09BEF3A0A8A | 372098 |
-| Office-365ProPlus-2.7.org.default.xml | 76C543682926BE1640EF623637BB9C8CB08A72CFFEF19A7C527E9502F710257A | 2397 |
-| Office-365ProPlus-2.7.xml | C11EAD7FE98355F91A9569561893771D2A8837D0CF44017AB41910EBFB1DCB00 | 372099 |
-| Office-Excel2013-1.7.org.default.xml | 7112F164172614EEB9F470466C91609C1AA0EA8AD13F2A1A5AB0147FB0F8E790 | 418 |
-| Office-Excel2013-1.7.xml | 7F3C9FDDA62BD48C271890C2150381BD40A3E40254D5ED8702BA612F52B9863C | 109725 |
-| Office-Excel2016-1.2.org.default.xml | C7D6B6B2EFE31CCDBC9A072AEC52E17D5F9C7C52F326CF480E4B0BBCBEBBE779 | 517 |
-| Office-Excel2016-1.2.xml | C1EEAE1896224260C7EEB48EFEF773D3ECE42F1BD799CB1D4E923CC299CAF812 | 107254 |
-| Office-Outlook2013-1.12.org.default.xml | 6DE2F8E0E9DF57570762FBB22BAF17F389C74DF88E8737D9463DA7491C2DE862 | 298 |
-| Office-Outlook2013-1.12.xml | DCD510AFDC92DD03136480DA09353C4919E01438118D6D0FE9232CE933E7E4EE | 192069 |
-| Office-Outlook2013-1.13.org.default.xml | E0AABF9650DB6A37E05A15A6B943C7B05AA31B2581506380188172B171BA2339 | 450 |
-| Office-Outlook2013-1.13.xml | E7020C1084BD4090C8BB50BE8DFC0B865C3698CBF1802C0D1F7E01EF261437E1 | 192186 |
-| Office-Outlook2016-2.2.org.default.xml | 4A5C75A3C0B8E0252DBFDF39D2B68C4172CD36DD8C167575070005A4AE65DA1B | 297 |
-| Office-Outlook2016-2.2.xml | 509C5F1A353E9B18F5AF2EFE11D4389D47A89581676CC8BC3F71BBB9FDD4FD5F | 149729 |
-| Office-Outlook2016-2.3.org.default.xml | 985584822EF58BCE107E522081D8FB5EA24CC74856040D93EC88252958F12EDA | 297 |
-| Office-Outlook2016-2.3.xml | 52CC95E49055AE1DC22B2643868F38093979D9F925399DDB3EA9F7692F606C9B | 149853 |
-| Office-PowerPoint2013-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 |
-| Office-PowerPoint2013-1.6.xml | F58B0231BCF94AF8E0808FEFE48CFC00E4F1F0636E73ED7E974ECAEB1F5A46AA | 93353 |
-| Office-PowerPoint2016-1.1.org.default.xml | 440A06FFB09F4FECB3546372E20FDB16C30F84B55F41EA5DA1AC891491E11F4C | 420 |
-| Office-PowerPoint2016-1.1.xml | CEAF4E6451621201D948A61DBFE57C303AA2F025CD0035374F2B24C68D9ADBCB | 90836 |
-| Office-Publisher2016-1.3.org.default.xml | 6E4C29EB64180DC23653B089C5734F0E4D493FE896DD0A2F4FCAFDC6407DD6AE | 422 |
+| MS-Edge-1.6.org.default.xml | 97393C5F48012A8890502024D487EF0DE2D67DE47B3EC5FD186352D08B233390 | 1057 |
+| MS-Edge-1.6.xml | A292381A242DA221D31BEAB2A3398E3599187B9E80C8DCDA92FB48EED9F9AF73 | 115719 |
+| Office-365ProPlus-2.7.org.default.xml | 43C03EA6FECC580FA689DBF77CC9E860D18C7ACF75A8A34B006A3699B8697AFB | 2448 |
+| Office-365ProPlus-2.7.xml | CC7BC37FEEF400CA37A3C7D83EEB77D51852FAF00ED47F9D3F0E0E2515B81140 | 375810 |
+| Office-365ProPlus-2.8.org.default.xml | 1E07FF9CBB7524B55843474F1BC04D9C2CAA1111F29EB9965F6AA2137EB26385 | 2450 |
+| Office-365ProPlus-2.8.xml | D7CB2059E061425C28777F8953976C16897A6F813898AB46FA99EDED997F434E | 375774 |
+| Office-Excel2013-1.7.org.default.xml | 6A8FBC7AD79015A5261C617A2EFC0084E58BCAFAAD3FA2B8E61BC01A860C102C | 429 |
+| Office-Excel2013-1.7.xml | E99C7824EB50B0727D7834F8D68FA6840BE8F69921DA49525C3B2921B9AD5A3B | 110738 |
+| Office-Excel2016-1.2.org.default.xml | EE134DCD15DEFBD412AF18477F75248DE83A705E10CA061776F2AE74884749E3 | 530 |
+| Office-Excel2016-1.2.xml | 5685CF03939CA92E8F4C854095344EA88B613E3CC1AB581E3DA4F70D70E69B77 | 108096 |
+| Office-Outlook2013-1.12.org.default.xml | 6691883C5ACE1CBF9ACAFC536E0E335620A9A1B158B75EAB7FE2E661C7C31A63 | 306 |
+| Office-Outlook2013-1.12.xml | DBF4FF03D3214F753B76C5ADFE0FEFB228E87EFD767BBDF1D3847080D67CF3D4 | 193739 |
+| Office-Outlook2013-1.13.org.default.xml | 624856564A2FB618BDF6A41263806BC2BE08B1AE58226425C07EFBADDC98FAF5 | 461 |
+| Office-Outlook2013-1.13.xml | 3446E121027400CE6C4834E4507EA94B5CFD24F65CFA4D5F0524873D32B07D8A | 193858 |
+| Office-Outlook2016-2.2.org.default.xml | 7A8F784B74E6FA1575783B1849B258F4DD6B7CD87B165802CCA6A16839CCA5AD | 305 |
+| Office-Outlook2016-2.2.xml | 9246147D3FA9E79A70F7024A3AC38FF526341B84CECD6F7175958A69D83B89DD | 151022 |
+| Office-Outlook2016-2.3.org.default.xml | 65560374E19492C3BBA42CC0A40AFC2F74C82AD01977E5061F41A4BCEDC2BF8E | 305 |
+| Office-Outlook2016-2.3.xml | ABF1B429B65076A3C44984451975C4FB264F2721CD47244F8C900290DB2011B0 | 151146 |
+| Office-PowerPoint2013-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 |
+| Office-PowerPoint2013-1.6.xml | 563E20C0149E0CB20880EB777439A7B67C4FE1BBF4347EA7677048E6DD2D2EAA | 94142 |
+| Office-PowerPoint2016-1.1.org.default.xml | 3FEE8C811ED3DB6986E24ABF9BBA833975A908C82EFAECC2E91755E10D02C30C | 431 |
+| Office-PowerPoint2016-1.1.xml | 8F17DC18B9997782E98DACA5044ACB1E63B178A80240AE130D0AC7F64B703531 | 91626 |
+| Office-Publisher2016-1.3.org.default.xml | 87A4435821A71C1861AC3F9103E35FDE176D42FCE97880B4B26439CF49F58C0E | 433 |
 | Office-Publisher2016-1.3.xml | 89F37914B868D581E4253D8ED819544B61C5D5D750A6F09598FBCAFB41E618E3 | 37769 |
-| Office-System2013-1.9.org.default.xml | 4036D829A31308CD45CC8B5A76A9A84612F2593B7700190B5FF1B08EFBF089EF | 852 |
-| Office-System2013-1.9.xml | 96E75BC4A4922BB6D57BE63701AC030EC055AB1D660A8F45D3668E6B0A798959 | 121552 |
-| Office-System2013-2.1.org.default.xml | 5062DB411E0A0E8F42774CA34BB51D8DDCFCE5C5CA316E354520DE4D7C3D8B20 | 856 |
-| Office-System2013-2.1.xml | 89EEA327D7A227B42B981B5A8EA8D80A4E2E7D18F8C40B03C048B09CDEE1F397 | 116188 |
-| Office-System2016-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
-| Office-System2016-2.1.xml | 9EDFB96DA919A0B9A002F01576949275A3A6D6FC68E25B62729FFCC30C0AD357 | 64487 |
-| Office-System2016-2.2.org.default.xml | 4A5C75A3C0B8E0252DBFDF39D2B68C4172CD36DD8C167575070005A4AE65DA1B | 297 |
-| Office-System2016-2.2.xml | 4B2AF660B2CECFDFD5113710652DE5A3A41DBF6C6E5ACF88C488C35C6DBD1962 | 64776 |
-| Office-Visio2013-1.4.org.default.xml | 955053441F378268498E15AC859046B2E2805E405AC294DDD8C6493A3FD2CC64 | 297 |
-| Office-Visio2013-1.4.xml | A1CFAABF789BD8C3958D35415F23B5B192F028CA98EDD391ECCEE85D87B6543F | 30039 |
-| Office-Word2013-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 |
-| Office-Word2013-1.6.xml | C6D5620E7977EDA5B59134D0DABFA42AA4AC6C87EFB3FFF6502CE615DF157285 | 80779 |
-| Office-Word2016-1.1.org.default.xml | 724DB22065C11F47D376186EB1A5F959C9721A47A3A2E00F125DFB36BBD96EBD | 420 |
-| Office-Word2016-1.1.xml | CF23511AE9EF837FE49B19F0888F2CC38D1D4E3BF1F054EA35903732A6781858 | 87615 |
-| OracleJRE-8-1.5.org.default.xml | C832884FF191F9D9AD20652CBE1D9C68BE15C2DD9B57CF15B8F85EB1F770BBEF | 491 |
-| OracleJRE-8-1.5.xml | E61F226FA4BC02C4225A3399E4543A3E83DA51F8F813650E246F6472ACFE3982 | 44880 |
-| OracleJRE-8-2.1.org.default.xml | 3DC5157025F594B12BD2E1F5FC7B76818897F5C69555E8396DC8AACB986C8644 | 492 |
-| OracleJRE-8-2.1.xml | B76FEF48981D375C0F604D586D98622D05D8121AAB81A8BB06298BE650FB8DCE | 45903 |
-| RHEL-7-3.8.org.default.xml | 2E74668308150FE9E2F8E817899E5D498E32327AF59E0AB5F3BE607864AD47C8 | 6589 |
-| RHEL-7-3.8.xml | 19A0CF80DC537555C3F568DDBA0575AEE4FE785630A8A59BCD9988774CD31AE9 | 583777 |
-| RHEL-7-3.9.org.default.xml | A4D0A233417A210F173ECF0B20935162045B9E3B67BDB24EC1D39DF826424F16 | 7417 |
+| Office-System2013-1.9.org.default.xml | 45055F756C705090A9F8D6470EF55C2FC8838EA00B2103E372E22B948A06DF63 | 869 |
+| Office-System2013-1.9.xml | 346A48CA6FD98889F0E60928AA0E87E138CF4E8A45E1BDB82BB04005428638C5 | 122545 |
+| Office-System2013-2.1.org.default.xml | 96C2EFAF8780965F18914EB31F6C869AF63ADDB780CB3EA537626BA7DA2B7358 | 873 |
+| Office-System2013-2.1.xml | 40657EF393151DFE4D8FD1B5ABD4C5E87DD4AFD3A7F0B230DD22502F0B9DBF4C | 117184 |
+| Office-System2016-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
+| Office-System2016-2.1.xml | 37E5D07510D1AEC51E6D08A502B7CAFDB3B316188EC2EE6B84D985CC1207DAA7 | 64932 |
+| Office-System2016-2.2.org.default.xml | 7A8F784B74E6FA1575783B1849B258F4DD6B7CD87B165802CCA6A16839CCA5AD | 305 |
+| Office-System2016-2.2.xml | 21F9CF9D4F17F183D6D5DF03090866E502F5C3D36BBD5B81FAAFFAD62A047EB7 | 65225 |
+| Office-Visio2013-1.4.org.default.xml | DEB619FD6632472F27796C703DB93523035A5BCD84A2FE878DABBCFC968FFFD9 | 305 |
+| Office-Visio2013-1.4.xml | 4DDEFCDD8E1D316BB2498D95CC033CBABD536A90EF9D6D1278127F4C4FF8DDA8 | 30296 |
+| Office-Word2013-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 |
+| Office-Word2013-1.6.xml | 85E667D9899F3B98270275D1E2F1E5BEAF3AC39C0D8F3143E61F53FBA74263B9 | 81466 |
+| Office-Word2016-1.1.org.default.xml | 7C6CDD5943A445A748835DDAEA1C2AC2615A2BC21B0570751F234E5AB5D7B14B | 431 |
+| Office-Word2016-1.1.xml | 3309F6DCAFFDC4521E2B40CD6D1FC8DBEFB69972B64BBEC5C4C43BAF74542B84 | 88318 |
+| OracleJRE-8-1.5.org.default.xml | 9F29E6AA7A905712FC4BBA768764219CB4CD7F259A0515A486E0E9EE4BE03F66 | 502 |
+| OracleJRE-8-1.5.xml | D8D451B6E2B88C4F7FA14809CA7E6485E19C6295460342C01EF78E6787F073F3 | 45264 |
+| OracleJRE-8-2.1.org.default.xml | 83D686E66B98E318AB87ED95F05B1C01265DB40D202C9F1D4BEDE52790EA834D | 503 |
+| OracleJRE-8-2.1.xml | 34B2B1060088BD4A915B3F713464A636DCD98D6B8A32163F831A485F51DEC211 | 46312 |
+| RHEL-7-3.10.org.default.xml | 3A22CFED34A7C489B98C7663B16235B044D0B0B01BF8A66B594CB0D08CF6A3B8 | 7594 |
+| RHEL-7-3.10.xml | ACB557ED8C652EE1EB42B4398559E3199F565ECA1479F7AB8C93A31B03769B67 | 601397 |
+| RHEL-7-3.9.org.default.xml | 9048B69CAD2A4E9C53C2F8865C6AD0965FAFE20D71D345EFC19F3779F6C9F489 | 7470 |
 | RHEL-7-3.9.xml | 6563FE66082A9329FA349507801FB4EA2FCC7145AA30CF8A35E4466E9D30373F | 592180 |
-| SqlServer-2012-Database-1.19.org.default.xml | F0BCFA8BA56A51AB40F7AC1433B0BDB70F8FD15AB83BE236E8FCD182EB12818C | 427 |
-| SqlServer-2012-Database-1.19.xml | A8B5D94FA2D1EC2E9F85C034FAA7453F6554050A10D32A4534F787CC805A18D4 | 85981 |
-| SqlServer-2012-Database-1.20.org.default.xml | 88F0F0E3C3828B8DF4861F67F528D385DA47059F1255E35538209335B9F36C0C | 427 |
-| SqlServer-2012-Database-1.20.xml | 5EB429E846A241764E46144C2CEA4645FEA23291BA8B6DC24000F0054E6A1D83 | 85927 |
-| SqlServer-2012-Instance-1.19.org.default.xml | CBDC914F56AA1E306F5AF10B611B4C0B95E5CAAC8C2A792C0E640557FFF247DC | 1077 |
-| SqlServer-2012-Instance-1.19.xml | 198E9CFB9C9B5F115A41DBED956416389CF03E603D21CC3B6EF343E18308A184 | 716637 |
-| SqlServer-2012-Instance-1.20.org.default.xml | 2FFFB13390E0D6D4DDFBCCC6BB0E607D2CB028F57A521D85610B2D04E5D4230F | 1077 |
-| SqlServer-2012-Instance-1.20.xml | 75F35AB3641E3F11BBC173C57156706A5B57F27AB1FC511CA6256DBBFB9BA962 | 709174 |
-| SqlServer-2016-Instance-2.7.org.default.xml | 575803F6ED47AB833E3BD857BF7F049A6A986A74FCE54213739A0B87803814B2 | 610 |
-| SqlServer-2016-Instance-2.7.xml | 31D0FD81EA21C3586C00A538529058E8C2D046C6FD5D2E49D1EEC1F58F6DB9A5 | 548824 |
-| SqlServer-2016-Instance-2.8.org.default.xml | 36FD816F5FCAD2AF38C53BBDEAD90EBB6DFE195133613B5F407E6399C0AF2BA9 | 610 |
-| SqlServer-2016-Instance-2.8.xml | 6DDFAA3449EDB8C1D3518F317D8ADBE9048751A4FEE71C5A207D07FB4C918F82 | 549523 |
-| Ubuntu-18.04-2.8.org.default.xml | 08CF6671D3A376D8537B68E48971635C07ABB1B49BFC12F47BF7A2C7D153E2D2 | 6879 |
-| Ubuntu-18.04-2.8.xml | 978B0E087CBF6A33E4AF2FCEBB1D6122FC39FF92FB583CBEF229161ADF7E532F | 484056 |
+| SqlServer-2012-Database-1.19.org.default.xml | 282BCFAC931096F13AA661132D8E0BADF93A17034C98057A68DEC20D43612C88 | 438 |
+| SqlServer-2012-Database-1.19.xml | EA869867AE70E1ED3E80906C7CE800523071A95CB1DE72492F1DB20C4A924A9D | 86839 |
+| SqlServer-2012-Database-1.20.org.default.xml | 572218B2318BFB1F1160B2D1835DE985D09F269260038ED6CFE26573573C5014 | 438 |
+| SqlServer-2012-Database-1.20.xml | F01743D2CA5E914C215ECB13D86A5D58723DD7AB7C328B81D284911DEFA0D9C4 | 86785 |
+| SqlServer-2012-Instance-1.19.org.default.xml | D78829081352C7766AB1E9639C1649A46FDAD69819BCE14599CB3A5C096DF4E6 | 1098 |
+| SqlServer-2012-Instance-1.19.xml | 1313489DECFD7B137F53C9A55DA8068075CDD8015DBE24AEC77CC4276D910185 | 725272 |
+| SqlServer-2012-Instance-1.20.org.default.xml | BB9345EFCFBDB1FDCF731620B233BBD6B1CFD8856A25422D753D9D668D850860 | 1098 |
+| SqlServer-2012-Instance-1.20.xml | 6E8F27FE02ACF7877AB36F90F8C2CADCD8A93A3500288D41EF06070E7C992C66 | 717809 |
+| SqlServer-2016-Instance-2.7.org.default.xml | B966FDBE624E10243DFC71F153A7656F50A414E9A41C7DFAB286318C7783D67F | 623 |
+| SqlServer-2016-Instance-2.7.xml | 689D85FE26F58624FA6493992501D1EB565376805FFF1BAB1EDF2F9B6875C416 | 553591 |
+| SqlServer-2016-Instance-2.8.org.default.xml | 8F7BABE8A06CF091B7BA30D9A7038CE055D18036A0CE47EE5E89C01FDCEBC0BD | 623 |
+| SqlServer-2016-Instance-2.8.xml | 91D9A3D72336382ED3B2FABCD2311BCCA43302B9774085A0F93443879867C923 | 554296 |
+| Ubuntu-18.04-2.10.org.default.xml | 69E03214AA101407BE74394CE1D2CBCD133EDA7AFEFF2C2E3F05D84201195403 | 6920 |
+| Ubuntu-18.04-2.10.xml | 8EA37985B73C1114235CA1E20611896E37969C56D13ABC5F43B08E78A696720A | 491684 |
 | Ubuntu-18.04-2.9.org.default.xml | 937F52BBA9FD68C3E227705A6B7A64EB934B9042C2FBFA7DFE26FAB515135521 | 6922 |
 | Ubuntu-18.04-2.9.xml | 5180802F8E98B6B0B113BFC23EF235600690E753BED9C3C11ED8920A69E0C13A | 486825 |
-| Vsphere-6.5-2.2.org.default.xml | A9EE6773BD2F1593A0E33BD4E048AD43DE3E5709E5BE089CBBF7FB3C4B30288A | 782 |
-| Vsphere-6.5-2.2.xml | F7324FB4B6CDF705560BA1DA66AE1EB4A538BDC78D768813B3D1C367D2B4964B | 142766 |
-| Vsphere-6.5-2.3.org.default.xml | E7BDBC6948AA1E0999792F9054C2065B4AD0AD304B7F033D1378270A355D715D | 782 |
-| Vsphere-6.5-2.3.xml | 4E152C8A94517F45022D1C0BB8E5F3D3646D8CD1B4747C00034B3E646F1E678C | 144921 |
-| WindowsClient-10-2.4.org.default.xml | E0BB6F34998B2D1B9E7E25A7C9EA5ED43E448EF0EC3BF8CE9F030C5DA3A33037 | 5989 |
-| WindowsClient-10-2.4.xml | 9F90E8AAE9CEF0987D1BB5E2EE00254CFF504EA0B995D54100767AE4FB1B3F98 | 534076 |
+| Vsphere-6.5-2.2.org.default.xml | 9050F39FC140A633AD41A884A3E0F87720EFA566C91E82E74A13B918B8C04323 | 797 |
+| Vsphere-6.5-2.2.xml | E3A2F2D4C89416D14A8F3AB4DC6A5444DEA9683AFB2A21A653749995F289AD24 | 144122 |
+| Vsphere-6.5-2.3.org.default.xml | B8539D6118706486E3F451AC2466FE5BABC1C9DB30C1A48C80D3FFA32354056E | 797 |
+| Vsphere-6.5-2.3.xml | DE07939A8EC08F52E77FF411FF04359FCE02035C5038B70FBA2ADC42B994BEAA | 146293 |
+| WindowsClient-10-2.4.org.default.xml | FDC65417DFF986055A4CE952B575479EE650DC566D4C5C35CEB3B5B2140EE207 | 6086 |
+| WindowsClient-10-2.4.xml | C326D08FFA97F42AE5EFF12E50DC4925C8E240C20D6FD4DFDF74F9174A5B8482 | 540794 |
 | WindowsClient-10-2.5.org.default.xml | E39DBCAAC643D0CF020B3FDE5C655963B614DA55D7FF0264D55348234C5318BB | 6086 |
-| WindowsClient-10-2.5.xml | 519508254CFDE17F0308F8CA4FBE523567B618351ADBA0DC3103E9EE65D5067D | 534039 |
+| WindowsClient-10-2.5.xml | F37EBE9608CB4C0997AED5BA9F1A0C7ABFE3379CF7E81418E0639EF4CE5052CF | 540755 |
 | WindowsClient-11-1.2.org.default.xml | C03F1939072743A5F17C771C3E120976996FA159D293064EB8B4FEBBD3EF6070 | 5988 |
 | WindowsClient-11-1.2.xml | B0D8BC1B572AB08ACBD4CFEF99E88A2B4AAD80772C05C904A8F7FA916FDCD9B9 | 520538 |
-| WindowsDefender-All-2.3.org.default.xml | 2EF81E87FDF1D24158DCD2BFD2176921ED21ABBEA2C29ED14096EEEA54F8EB40 | 1065 |
-| WindowsDefender-All-2.3.xml | 34B17B00509BA3F4934861F383E2C133FCA2F19C65F38AA6DB77DBC9B0728A24 | 95099 |
-| WindowsDefender-All-2.4.org.default.xml | 96EA1084F1F2A3C9860013346ACCD29A805A73D79E6A313E759CDBC775A906E8 | 1065 |
-| WindowsDefender-All-2.4.xml | 6657A5CD51F7396976A05A03D3EDB358303D1D320935B51A953765E77063EF6C | 95829 |
-| WindowsDnsServer-2012R2-2.4.org.default.xml | 7A37266D66DFDB51BDCE149BF242559529AE0A3CB111EE3D7124CB02BFDC6B3F | 297 |
-| WindowsDnsServer-2012R2-2.4.xml | 597FE2821DDF156B17D136FF132AEF287E7CC60DB6263CA256385197CDBA24B6 | 241691 |
-| WindowsDnsServer-2012R2-2.5.org.default.xml | 5C4EAECF345C25E9688AA38AFEC397FFA392213486C8E9B0FA06B080AECA50A7 | 297 |
-| WindowsDnsServer-2012R2-2.5.xml | 5E54B2B89FA2E07B721B5461C2BBC2A4C831D696198D6EFD02D344C01CF22C9D | 242163 |
-| WindowsFirewall-All-1.7.org.default.xml | BF71BCE35DD772AA32964B7E6E3A20FCDAAA24C494FC51E58DEA5DB6DEFFC0EB | 945 |
-| WindowsFirewall-All-1.7.xml | 2B8E3CC4782FB3DC7718C1E6E75A7638E5CE7BEF417FA37530C807FEEF9355AF | 64830 |
-| WindowsFirewall-All-2.1.org.default.xml | 1EAC25EE60798B820C06DC8895361F69E31ED9A2950A8D3E86053F6BD9357C06 | 957 |
-| WindowsFirewall-All-2.1.xml | DE85F4E98D148246857F5C7356437371167BD9BB41BE3ABFF3E8B0B66BB12848 | 65807 |
-| WindowsServer-2012R2-DC-3.3.org.default.xml | 836CCA23864E7ACBC60CD988879F95BAE5E6F08CFAF0F0A60D54360848AE920F | 6935 |
-| WindowsServer-2012R2-DC-3.3.xml | B257636D672651195B540336EEBE4A216E98041493FC85980CB71373E4CFCCC6 | 765949 |
-| WindowsServer-2012R2-DC-3.4.org.default.xml | A727A575B307945E8430081B484383F732FAB7153EC0F14E3F33DB6D7BEACEEB | 6812 |
-| WindowsServer-2012R2-DC-3.4.xml | 3E89014E572DA400DA8D668985317D940B688AA856569F2BC56606CF43C32C86 | 764218 |
-| WindowsServer-2012R2-MS-3.3.org.default.xml | 1E04A871219379FF22D44916C0CE4143979F5082C9BAE9678D0DE29C638F1668 | 6377 |
-| WindowsServer-2012R2-MS-3.3.xml | 19C5930FBA78D6D4D619E9CAEEA505F63EAD73A600D220BBB33BF5EA98B40F02 | 661643 |
-| WindowsServer-2012R2-MS-3.4.org.default.xml | EFDC3D61F4DE48302E1AF28FB8C84F165AFA5BC67323EF87C32B653623D6D384 | 6254 |
-| WindowsServer-2012R2-MS-3.4.xml | 71559E19258D176E6E4FADC311A7DA1235DAE285EB02C4AC690567117EF3ED71 | 659969 |
-| WindowsServer-2016-DC-2.4.org.default.xml | 48F25F35D1F8DB5401FE38088B58E4822EA38A8244D266EC3B699A262CDB8A5C | 5901 |
-| WindowsServer-2016-DC-2.4.xml | 0DB57634F42E73C46EAC3BC932954927A8932887721B4035BDB48197F954773A | 550779 |
-| WindowsServer-2016-DC-2.5.org.default.xml | CBDFDF1C21BD31D29ABEAA2B9A8E1F6D6A2B25A3D8D2460F6BD8FC04849E9FDA | 5901 |
-| WindowsServer-2016-DC-2.5.xml | C3D3D5B3F8138A91AC036D4AD6EB78893F41C3AFA9358A52B9147777CAC3EBBC | 551071 |
-| WindowsServer-2016-MS-2.4.org.default.xml | F196F497D58C066D3F1566AB048F8D55DA7AE75CF6E42834CAF4066BE4564545 | 6015 |
-| WindowsServer-2016-MS-2.4.xml | 26ADB3522D644C726C5855D980B295BFA8EB6C3EF8B44C5DB892CF728F7C48EE | 474194 |
-| WindowsServer-2016-MS-2.5.org.default.xml | C573B016540D824D448A9EC5FE004ED963A223B5DE09F693CF276CD1A0E155BE | 6014 |
-| WindowsServer-2016-MS-2.5.xml | 33B6553EEEF755D1DBE476DE1C81F0722C4DBA8694CA77F2262A986FEB5DA03B | 474790 |
-| WindowsServer-2019-DC-2.4.org.default.xml | 683B2A4EE968FBF488C563122DFE55304A0EA37C5843A510DFC5C8459BB0DD55 | 6002 |
-| WindowsServer-2019-DC-2.4.xml | 77AFD942245805482D991269FC32B5D4F9C1D6FBAEC00C2EB274CA4418D03CA2 | 558030 |
+| WindowsDefender-All-2.3.org.default.xml | C0577AA9DBF69E5CC7323B458E8D956A678FBC20D1786CD5FF972BABF8B3BD08 | 1088 |
+| WindowsDefender-All-2.3.xml | 9B56A4155EC35DC5D1E5E502367513DA01FFCDC02D5FF674A1D184C78BA575A0 | 96015 |
+| WindowsDefender-All-2.4.org.default.xml | 38BA1392F6B093D85D8A6289E4D2C76687BBA2F3E4077681917DD2A841CD8102 | 1088 |
+| WindowsDefender-All-2.4.xml | FE2A715FF673114A8571FFB92D364072D7B0FBD67B2477A616F3F24D2748D12F | 96852 |
+| WindowsDnsServer-2012R2-2.4.org.default.xml | E0665B930674B4382F93865B8F0FEE6D9ADCC2CDD263EC06D5ECBBC8751EE62A | 305 |
+| WindowsDnsServer-2012R2-2.4.xml | 12849FAFEADA9477E79C42C19AF5636772AF682B3BDEB40C71393F57ACC537DA | 244440 |
+| WindowsDnsServer-2012R2-2.5.org.default.xml | 331B93A209C36BC1DBB5760FBA8F2BF5E0788E7A4D47C58A0697570882B280DB | 305 |
+| WindowsDnsServer-2012R2-2.5.xml | FC766E2AE054AE1E898263A49CDFE61A3F029C56B5BE7C7F6ED81F6115E86873 | 244914 |
+| WindowsFirewall-All-1.7.org.default.xml | 64E9FFA9B456C36DD36B5824BF641E473931B5C350F473DDFFDF31B1B64DD016 | 966 |
+| WindowsFirewall-All-1.7.xml | BBB13C6D675EB591D972EF8AD9B46472CFE80FCAD76E9D453586E6BE430F01B6 | 65518 |
+| WindowsFirewall-All-2.1.org.default.xml | 54A9F5D8C7E859CFC8C177DFCD4621814166A4DC6FD1967BAB03062B17489949 | 978 |
+| WindowsFirewall-All-2.1.xml | C2D9F1754E8F3A537448E73A1F627E94E72F2A5A7900939E5823B6AD694CC617 | 66534 |
+| WindowsServer-2012R2-DC-3.3.org.default.xml | 8040D5FDCF6EC673550168EECBAA8295DE37CE261D5F6679C57CE3A39150FE71 | 7046 |
+| WindowsServer-2012R2-DC-3.3.xml | F43AB8FA145C575EC2887F94029613F70AA1DD0B6B4074624593564EDA44C98A | 775734 |
+| WindowsServer-2012R2-DC-3.4.org.default.xml | 5423A10BF684CB3FA5F64C77670BA1AA3C94A69FE176065C9720B763019B35C4 | 6921 |
+| WindowsServer-2012R2-DC-3.4.xml | 47373591AF4F0186F7949C5354A73A277DFC158211A5A49CB4F23D6AC3F98563 | 773991 |
+| WindowsServer-2012R2-MS-3.3.org.default.xml | 30D3509BF3AA9BA29E82E5EDFCA82AE8DBDF450A6A178B8A3A61568A56F0E18A | 6476 |
+| WindowsServer-2012R2-MS-3.3.xml | A415746E95E262FE7547687C22B89555694C47A40C182F1E4AE403AF7DF460A4 | 670131 |
+| WindowsServer-2012R2-MS-3.4.org.default.xml | 50F77131D17E1FE349CB81FBC8FE7278DEBB09A3321F75D92B9F3AC85352D869 | 6351 |
+| WindowsServer-2012R2-MS-3.4.xml | BBC62A7ADC3365A3AED0067051712C3643FFAAB9157129E0FEE322768036E4AA | 668445 |
+| WindowsServer-2016-DC-2.4.org.default.xml | C6F13BDEC76ECC5F02317296D189312D401A9522D6B65F478B4CBB5D2FB39ACE | 5996 |
+| WindowsServer-2016-DC-2.4.xml | 411E53051F5154C377653359438BF3633240D74957A814664EE3A97A7022F069 | 558255 |
+| WindowsServer-2016-DC-2.5.org.default.xml | A051E222710532B44CD2A67A0D953344D53CA5FB38BE49DDD69941D16B7AD50C | 5996 |
+| WindowsServer-2016-DC-2.5.xml | E7BBB817054921AD9CC22912A6ECBE418D14F3A706694A2A9D03EFB62C9121B3 | 558541 |
+| WindowsServer-2016-MS-2.4.org.default.xml | 4597212B8DC738BC901EE25CDA3EDA04F49D3F53A873EA4063CFA864C2DCF37D | 6108 |
+| WindowsServer-2016-MS-2.4.xml | 3C2B4FFE25FD8BA3A4702A07AFE4E4074AD31E9749C83D5375B6FF4C443DCA65 | 480555 |
+| WindowsServer-2016-MS-2.5.org.default.xml | 28A6CC76C5C22C10C57B9F3F37BB023CA151CF4DB877CF6E5C07B5AF1166E6A9 | 6107 |
+| WindowsServer-2016-MS-2.5.xml | BB49ECFFFEC86C4F01311491935BCF2F11981E523A08FB0712025511C1425FED | 481151 |
+| WindowsServer-2019-DC-2.4.org.default.xml | 0094F20B2B061FF05BD885B213776F7ADBC7E2D75EEEC66CB994281CE19891DC | 6095 |
+| WindowsServer-2019-DC-2.4.xml | 4CCF9BC6032C0EC069D1CD3BBCBCC55DC598D5815593F6B6903753E0ED8C5B2B | 565567 |
 | WindowsServer-2019-DC-2.5.org.default.xml | 2B3EBC94F5503C005071520D4487334E047241231F81A7154F2A07EE21B20104 | 6095 |
-| WindowsServer-2019-DC-2.5.xml | 667BBBFD0731C0B1CDE0D6811382DFE59031DA4BA02A1B00DC18FF3497C95182 | 558239 |
-| WindowsServer-2019-MS-2.4.org.default.xml | 8F9E845B06B92DCEABF081B2B80F3D37F2C833181D352339034889187C9B92EB | 5938 |
-| WindowsServer-2019-MS-2.4.xml | 4E699813B3A6B360729729993740D2B1E597CD83E852AB00FBA7F49FE2F9EC38 | 481067 |
+| WindowsServer-2019-DC-2.5.xml | 6D2683085611516785604724BBFD4DFB6D773E78ED3662D055D9B0BE7EB216FD | 565775 |
+| WindowsServer-2019-MS-2.4.org.default.xml | CABC2B5A3691044BCDD96E1ACA53B997BCCB14BC41927A4EFAC68E11F80686D5 | 6027 |
+| WindowsServer-2019-MS-2.4.xml | EED082B900AC5D0F68FC8EF060D801CE357F42895A4A5A324B2137DCFAE9F77C | 487488 |
 | WindowsServer-2019-MS-2.5.org.default.xml | C11EF1E1576DDFA46432BE2A202A2BF520652CC21B475B217150AAF3F158CBB1 | 6027 |
-| WindowsServer-2019-MS-2.5.xml | B1996B3BDF822010F82BD2B3932359957830F086DA3CD1EFB581DBF9D151486B | 481486 |
+| WindowsServer-2019-MS-2.5.xml | 6B5BFDFD3A668D0F3307DB87CC686ADB4AF84FF0D42BAE6898E61D6C3075D8C6 | 487906 |
+| WindowsServer-2022-DC-1.1.org.default.xml | A84DA0AA242D80FB25A68E417D05A315D0EFFC33B4A1F626096984CCB46277AA | 6222 |
+| WindowsServer-2022-DC-1.1.xml | E41B69D3EA64BD9C4406BA39697BBB75D2D230CF5844D4DEE3EC1C50CE57C04D | 565193 |
+| WindowsServer-2022-MS-1.1.org.default.xml | E2F3863090F2E81F6E19432881BEEFC6D620C2D05AE5E06DAF7A824117A4F339 | 6154 |
+| WindowsServer-2022-MS-1.1.xml | CC4041ABCB8AE786245D738927D1CA6EA23711B6BE2338872B95ECE3C6B9B599 | 488173 |

README.md

@@ -72,7 +72,7 @@ For detailed information, please see the [StigData Wiki](https://github.com/Micr
 
 PowerStig.DSC is not really a specific module, but rather a collection of PowerShell Desired State Configuration (DSC) composite resources to manage the configurable items in each STIG.
 Each composite uses [PowerStig.Data](#powerstigdata) classes to retrieve PowerStig XML.
-This allows the PowerStig.Data classes to manage exceptions, Org settings, and skipped rules uniformly across all composite resources. The standard DSC ResourceID's can them be used by additional automation to automatically generate compliance reports or trigger other automation solutions.
+This allows the PowerStig.Data classes to manage exceptions, Org settings, and skipped rules uniformly across all composite resources. The standard DSC ResourceID's can then be used by additional automation to automatically generate compliance reports or trigger other automation solutions.
 
 ### Composite Resources
 
@@ -80,10 +80,23 @@ The list of STIGs that we are currently covering.
 
 |Name|Description|
 | ---- | --- |
-|[Browser](https://github.com/Microsoft/PowerStig/wiki/Browser) | Provides a mechanism to manage Browser STIG settings. |
+|[Adobe](https://github.com/Microsoft/PowerStig/wiki/Adobe)| Provides a mechanism to manage Adobe STIG settings.|
+|[Chrome](https://github.com/Microsoft/PowerStig/wiki/Chrome)| Provides a mechanism to manage Google Chrome STIG settings.|
 |[DotNetFramework](https://github.com/Microsoft/PowerStig/wiki/DotNetFramework) | Provides a mechanism to manage .Net Framework STIG settings. |
+|[Edge](https://github.com/Microsoft/PowerStig/wiki/Edge) | Provides a mechanism to manage Microsoft Edge STIG settings. |
+|[Firefox](https://github.com/Microsoft/PowerStig/wiki/Firefox) | Provides a mechanism to manage Firefox STIG settings. |
+|[IisServer](https://github.com/Microsoft/PowerStig/wiki/IisServer) | Provides a mechanism to manage IIS Server settings. |
+|[IisSite](https://github.com/Microsoft/PowerStig/wiki/IisSite) | Provides a mechanism to manage IIS Site settings. |
+|[InternetExplorer](https://github.com/Microsoft/PowerStig/wiki/InternetExplorer) | Provides a mechanism to manage Microsoft Internet Explorer settings. |
+|[McAfee](https://github.com/Microsoft/PowerStig/wiki/McAfee) | Provides a mechanism to manage McAfee settings. |
 |[Office](https://github.com/Microsoft/PowerStig/wiki/Office) | Provides a mechanism to manage Microsoft Office STIG settings. |
+|[OracleJRE](https://github.com/Microsoft/PowerStig/wiki/OracleJRE) | Provides a mechanism to manage Oracle Java Runtime Environment STIG settings. |
+|[RHEL](https://github.com/Microsoft/PowerStig/wiki/RHEL) | Provides a mechanism to manage RedHat Enterprise Linux STIG settings. |
 |[SqlServer](https://github.com/Microsoft/PowerStig/wiki/SqlServer) | Provides a mechanism to manage SqlServer STIG settings. |
+|[Ubuntu](https://github.com/Microsoft/PowerStig/wiki/Ubuntu) | Provides a mechanism to manage Ubuntu Linux STIG settings. |
+|[Vsphere](https://github.com/Microsoft/PowerStig/wiki/Vsphere) | Provides a mechanism to manage VMware Vsphere STIG settings. |
+|[WindowsClient](https://github.com/Microsoft/PowerStig/wiki/WindowsClient) | Provides a mechanism to manage Windows Client STIG settings. |
+|[WindowsDefender](https://github.com/Microsoft/PowerStig/wiki/WindowsDefender) | Provides a mechanism to manage Windows Defender STIG settings. |
 |[WindowsDnsServer](https://github.com/Microsoft/PowerStig/wiki/WindowsDnsServer) | Provides a mechanism to manage Windows DNS Server STIG settings. |
 |[WindowsFirewall](https://github.com/Microsoft/PowerStig/wiki/WindowsFirewall) | Provides a mechanism to manage the Windows Firewall STIG settings. |
 |[WindowsServer](https://github.com/Microsoft/PowerStig/wiki/WindowsServer) | Provides a mechanism to manage the Windows Server STIG settings. |
@@ -134,3 +147,4 @@ We are especially thankful for those who have contributed pull requests to the c
 * [@mikedzikowski](https://github.com/mikedzikowski) (Mike Dzikowski)
 * [@togriffith](https://github.com/mikedzikowski) (Tony Griffith)
 * [@hinderjd](https://github.com/hinderjd) (James Hinders)
+* [@ruandersMSFT](https://github.com/ruandersMSFT) (Russell Anderson)

source/Module/Common/Convert/Data.ps1

@@ -86,6 +86,8 @@ data exclusionRuleList
         V-204440 = 'RHEL: At present, unable to automate rule'
         V-204456 = 'RHEL: At present, unable to automate rule'
         V-228564 = 'RHEL: At present, unable to automate rule'
+        V-251704 = 'RHEL: At present, unable to automate rule'
+        V-255927 = 'RHEL: At present, unable to automate rule'
         V-219151 = 'Ubuntu: At present, unable to automate rule'
         V-219155 = 'Ubuntu: At present, unable to automate rule'
         V-219164 = 'Ubuntu: At present, unable to automate rule'
@@ -103,6 +105,16 @@ data exclusionRuleList
         V-219326 = 'Ubuntu: At present, unable to automate rule'
         V-219331 = 'Ubuntu: At present, unable to automate rule'
         V-219341 = 'Ubuntu: At present, unable to automate rule'
+        V-219159 = 'Ubuntu: At present, unable to automate rule'
+        V-219163 = 'Ubuntu: At present, unable to automate rule'
+        V-219228 = 'Ubuntu: At present, unable to automate rule'
+        V-219229 = 'Ubuntu: At present, unable to automate rule'
+        V-219230 = 'Ubuntu: At present, unable to automate rule'
+        V-219231 = 'Ubuntu: At present, unable to automate rule'
+        V-219232 = 'Ubuntu: At present, unable to automate rule'
+        V-219233 = 'Ubuntu: At present, unable to automate rule'
+        V-219330 = 'Ubuntu: At present, unable to automate rule'
+        V-255907 = 'Ubuntu: At present, unable to automate rule'
         V-235722 = 'Edge: Rule requires an unknown list and count of whitelisted domains, unable to automate rule'
         V-235753 = 'Edge: Rule requires an unknown list and count of whitelisted domains, unable to automate rule'
         V-235755 = 'Edge: Rule requires an unknown list and count of whitelisted extensions, unable to automate rule'

source/Module/Common/Functions.XccdfXml.ps1

@@ -451,6 +451,7 @@ function Split-BenchmarkId
             # The Windows Server 2012 and 2012 R2 STIGs are combined, so return the 2012R2
             $id = $id -replace '_2012_', '_2012R2_'
             $returnId = $id -replace ($windowsVariations -join '|'), 'WindowsServer'
+            $returnId = $returnId -replace 'MS_', ''
             continue
         }
         {$PSItem -match "Active_Directory"}
@@ -514,8 +515,8 @@ function Split-BenchmarkId
         {$PSItem -match 'Ubuntu'}
         {
             $ubuntuId = $id -split '_'
-            $ubuntuVersion = $ubuntuId[3] -replace '-', '.'
-            $returnId = '{0}_{1}' -f $ubuntuId[2], $ubuntuVersion
+            $ubuntuVersion = $ubuntuId[-1] -replace '-', '.'
+            $returnId = '{0}_{1}' -f $ubuntuId[-2], $ubuntuVersion
             continue
         }
         default

source/Module/Rule.AuditPolicy/Convert/AuditPolicyRule.Convert.psm1

@@ -66,6 +66,9 @@ class AuditPolicyRuleConvert : AuditPolicyRule
         $thisSubcategory = $regex.Groups.Where(
             {$_.Name -eq 'subcategory'}
         ).Value
+        
+        # Windows STIGS have 'Audit Audit' as part of the string, but the actual policy is 'Audit Policy Change'
+        $thisSubcategory = $thisSubcategory -replace 'Audit Audit', 'Audit'
 
         if (-not $this.SetStatus($thisSubcategory))
         {

source/PowerStig.psd1

@@ -6,7 +6,7 @@
     RootModule = 'PowerStig.psm1'
 
     # Version number of this module.
-    ModuleVersion = '4.15.0'
+    ModuleVersion = '4.16.0'
 
     # ID used to uniquely identify this module
     GUID = 'a132f6a5-8f96-4942-be25-b213ee7e4af3'

source/StigData/Archive/Chrome/U_Google_Chrome_STIG_V2R7_Manual-xccdf.log

@@ -1,4 +1,4 @@
-V-221561::3. If the value name DefaultPopupsSetting::3. If the DefaultPopupsSetting value name 
+V-221561::3. If the value name DefaultPopupsSetting::3. If the DefaultPopupsSetting value name
 V-221562::3. If the a registry value name of 1 does not exist under that key or its value is not set to *::3. If the 1 value name does not exist under that key or its value data is not set to *
 V-221597::3. If the “::3. If the "
 V-221599::3. If the key "DeveloperToolsAvailability"::3. If the "DeveloperToolsAvailability" value name
@@ -10,4 +10,4 @@ V-221588::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ke
 V-221596::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'AutoplayAllowlist'; ValueType = 'MultiString';  ValueData = $null; OrganizationValueTestString = "{0} -eq 'a list of administrator-approved URLs"}
 V-234701::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'SSLVersionMin'; ValueType = 'String';  ValueData = 'tls1.2'}
 V-245539::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Absent'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'CookiesSessionOnlyForUrls'}
-V-221572::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklis'; ValueName = 'CookiesSessionOnlyForUrls'; ValueType = 'String'; ValueData = 'javascript://*'}
+V-221572::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklist'; ValueName = 'CookiesSessionOnlyForUrls'; ValueType = 'String'; ValueData = 'javascript://*'}

source/StigData/Archive/Chrome/U_Google_Chrome_STIG_V2R8_Manual-xccdf.log

@@ -1,4 +1,4 @@
-V-221561::3. If the value name DefaultPopupsSetting::3. If the DefaultPopupsSetting value name 
+V-221561::3. If the value name DefaultPopupsSetting::3. If the DefaultPopupsSetting value name
 V-221562::3. If the a registry value name of 1 does not exist under that key or its value is not set to *::3. If the 1 value name does not exist under that key or its value data is not set to *
 V-221597::3. If the “::3. If the "
 V-221599::3. If the key "DeveloperToolsAvailability"::3. If the "DeveloperToolsAvailability" value name

source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R10_Manual-xccdf.log

@@ -22,7 +22,7 @@ V-204511::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; Contains
 V-204512::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/audisp/audisp-remote.conf'; OrganizationValueTestString = 'the "network_failure_action" option is set to "SYSLOG", "SINGLE", or "HALT"; i.e.: "network_failure_action = syslog" '}
 V-204515::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/audit/auditd.conf'; OrganizationValueTestString = 'the value of the "action_mail_acct" keyword is set to "root" and/or other accounts for security personnel; i.e.: "action_mail_acct = root" '}
 V-204576::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = $null; FilePath = '/etc/security/limits.d/204576-powerstig.conf'; OrganizationValueTestString = 'the "maxlogins" value is set to "10" or less '}
-V-204579::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/profile.d/tmout.sh'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile.d/tmout.sh'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}
+V-204579::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/profile.d/tmout.sh'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile.d/tmout.sh'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/bashrc'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/bashrc" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}
 V-204584::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'kernel.randomize_va_space = 2'; FilePath = '/etc/sysctl.d/204584-powerstig.conf'}
 V-204609::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'net.ipv4.conf.all.accept_source_route = 0'; FilePath = '/etc/sysctl.d/204609-powerstig.conf'}
 V-204610::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'net.ipv4.conf.all.rp_filter = 1'; FilePath = '/etc/sysctl.d/204610-powerstig.conf'}
@@ -40,4 +40,4 @@ V-237635::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = $null
 V-244557::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/boot/grub2/grub.cfg'; OrganizationValueTestString = '"set superusers =" is set to a unique name in /boot/grub2/grub.cfg'}
 V-244558::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/boot/efi/EFI/redhat/grub.cfg'; OrganizationValueTestString = '"set superusers =" is set to a unique name in /boot/efi/EFI/redhat/grub.cfg'}
 V-250314::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = '%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL'; FilePath = '/etc/sudoers.d/250314-powerstig.conf'}
-V-251704::*::HardCodedRule(ManualRule)@{DscResource = 'None'}
+V-255926::*::HardCodedRule(nxPackageRule)@{DscResource = 'nxPackage'; Ensure = 'Present'; Name = $null; OrganizationValueTestString = 'Specify either tmux or screen depending on preference'}

source/StigData/Archive/Linux.Ubuntu/U_CAN_Ubuntu_18-04_LTS_STIG_V2R10_Manual-xccdf.log

@@ -8,3 +8,4 @@ V-219303::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc
 V-219306::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'auth.*,authpriv.* /var/log/secure'; DoesNotContainPattern = '#\s*auth\.\*,\s*authpriv\.\*.*'; FilePath = '/etc/rsyslog.d/50-default.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'daemon.notice /var/log/messages'; DoesNotContainPattern = '#\sdaemon.*'; FilePath = '/etc/rsyslog.d/50-default.conf'}
 V-219307::Ciphers aes256-ctr,aes192-ctr, aes128-ctr::Ciphers aes256-ctr,aes192-ctr,aes128-ctr
 V-219339::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'install usb-storage /bin/true'; DoesNotContainPattern = '#\s*install\s*usb-storage\s*/bin/true'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'blacklist usb-storage'; DoesNotContainPattern = '#\s*blacklist\s*usb-storage'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}
+V-219343::*::HardCodedRule(nxPackageRule)@{DscResource = 'nxPackage'; Ensure = 'Present'; Name = 'aide'}

source/StigData/Archive/Office/U_MS_Office_365_ProPlus_STIG_V2R8_Manual-xccdf.log

@@ -31,8 +31,8 @@ V-223355::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; En
 V-223358::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\security'; ValueName = 'usecrlchasing' ;ValueType = 'Dword'; ValueData = '1'}
 V-223376::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Project\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
 V-223377::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\powerpoint\security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
-V-223311::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
-V-223392::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
+V-223311::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 3|4"}
+V-223392::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 3|4"}
 V-223393::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Visio\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
 V-223417::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
 V-223309::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility'; ValueData = 'Block all Flash activation'; ValueName = 'COMMENT'; ValueType = 'String'}

source/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V2R7_Manual-xccdf.log

@@ -1,6 +1,6 @@
 V-218790::This check does not apply to service account IDs utilized by automated services necessary to process, manage, and store log files::If an account associated with roles other than auditors
 V-218821::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; ValueData = 0; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}
-V-218814::CREATOR OWNER: Full Control, Subfolders and files only::CREATOR OWNER: Full Control - Subfolders and files only
+V-218814::*::HardCodedRule(PermissionRule)@{DscResource = 'NTFSAccessEntry'; AccessControlEntry = @(@{Type = $null; Principal = 'System'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'Administrators'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'TrustedInstaller'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'ALL APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'ALL RESTRICTED APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'Users'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute,ListDirectory'}, @{Type = $null; Principal = 'CREATOR OWNER'; ForcePrincipal = 'False'; Inheritance = 'Subfolders and files only'; Rights = 'FullControl'}); Force = 'True'; Path = '%SystemDrive%\inetpub'}
 V-218805::Under Time-out (in minutes), verify “20 minutes or less” is selected.::Verify the "Time-out (in minutes)" is set to "20 minutes or less".
 V-241788::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'; ValueData = 1; ValueName = 'DisableServerHeader'; ValueType = 'DWORD'}
 V-218785::*::HardCodedRule(IISLoggingRule)@{DscResource = 'xWebAdministration'; LogFlags = $null; OrganizationValueTestString = "'{0}' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'"}

source/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V2R8_Manual-xccdf.log

@@ -1,6 +1,6 @@
 V-218790::This check does not apply to service account IDs utilized by automated services necessary to process, manage, and store log files::If an account associated with roles other than auditors
 V-218821::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; ValueData = 0; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}
-V-218814::CREATOR OWNER: Full Control, Subfolders and files only::CREATOR OWNER: Full Control - Subfolders and files only
+V-218814::*::HardCodedRule(PermissionRule)@{DscResource = 'NTFSAccessEntry'; AccessControlEntry = @(@{Type = $null; Principal = 'System'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'Administrators'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'TrustedInstaller'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'ALL APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'ALL RESTRICTED APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'Users'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute,ListDirectory'}, @{Type = $null; Principal = 'CREATOR OWNER'; ForcePrincipal = 'False'; Inheritance = 'Subfolders and files only'; Rights = 'FullControl'}); Force = 'True'; Path = '%SystemDrive%\inetpub'}
 V-218805::Under Time-out (in minutes), verify “20 minutes or less” is selected.::Verify the "Time-out (in minutes)" is set to "20 minutes or less".
 V-241788::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'; ValueData = 1; ValueName = 'DisableServerHeader'; ValueType = 'DWORD'}
 V-218785::*::HardCodedRule(IISLoggingRule)@{DscResource = 'xWebAdministration'; LogFlags = $null; OrganizationValueTestString = "'{0}' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'"}

source/StigData/Archive/Web Server/U_MS_IIS_8-5_Site_STIG_V2R7_Manual-xccdf.log

@@ -2,4 +2,4 @@ V-214465::If the "maxAllowedContentLength" value is not explicitly set to "30000
 V-214444::System Administrator::""
 V-214448::*::HardCodedRule(IISLoggingRule)@{DscResource = 'xWebsite'; LogFlags = $null; OrganizationValueTestString = "'{0}' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'"}
 V-214484::*::.
-V-214488::*::HardCodedRule(WebAppPoolRule)@{DscResource = 'xWebAppPool'; Key = 'logEventOnRecycle'; Value = "'Time,Schedule'"}
+V-214488::*::HardCodedRule(WebAppPoolRule)@{DscResource = 'xWebAppPool'; Key = 'logEventOnRecycle'; OrganizationValueRequired = 'true'; OrganizationValueTestString = "'{0}' 'Value must contain Time and Schedule but can contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'"}

source/StigData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_DC_STIG_V1R1_Manual-xccdf.log

@@ -0,0 +1,19 @@
+V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
+V-254255::*::''
+V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
+V-254291::"Minimum password length,"::"Minimum password length"
+V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
+V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
+V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
+V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
+V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
+V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
+V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.

source/StigData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_MS_STIG_V1R1_Manual-xccdf.log

@@ -0,0 +1,19 @@
+V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
+V-254255::*::''
+V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
+V-254291::"Minimum password length,"::"Minimum password length"
+V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
+V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
+V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
+V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
+V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
+V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
+V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.

source/StigData/Processed/Google-Chrome-2.8.org.default.xml

@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.6">
+<OrganizationalSettings fullversion="2.8">
   <!-- Ensure 'V-221563' -eq 'oiigbmnaadbkfbmpbfijlflahbdbdgdf | a list of administrator-approved extension IDs'-->
   <OrganizationalSetting id="V-221563" ValueData="" />
   <!-- Ensure 'V-221564' -eq 'an organization approved encrypted search provider'-->

source/StigData/Processed/Google-Chrome-2.8.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="Google_Chrome_Current_Windows" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_Google_Chrome_STIG_V2R6_Manual-xccdf.xml" releaseinfo="Release: 6 Benchmark Date: 27 Apr 2022 3.3.0.27375 1.10.0" title="Google Chrome Current Windows Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.6" created="6/6/2022">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="Google_Chrome_Current_Windows" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_Google_Chrome_STIG_V2R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Google Chrome Current Windows Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.8" created="2/10/2023">
   <ManualRule dscresourcemodule="None">
     <Rule id="V-221584" severity="medium" conversionstatus="pass" title="SRG-APP-000456" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Google Chrome is being continually updated by the vendor in order to address identified security vulnerabilities. Running an older version of the browser can introduce security vulnerabilities to the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@@ -7,7 +7,7 @@
       <LegacyId>V-44805</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
+      <RawString>Universal method:
 1. In the omnibox (address bar) type chrome://settings/help
 2. Cross-reference the build information displayed with the Google Chrome site to identify, at minimum, the oldest supported build available.  As of July 2019, this is 74.x.x.
 3. If the installed version of Chrome is not supported by Google, this is a finding.</RawString>
@@ -23,23 +23,23 @@
       <LegacyId>V-44711</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:        
-   1. In the omnibox (address bar) type chrome://policy        
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If RemoteAccessHostFirewallTraversal is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding.
 
 Windows registry:
    1. Start regedit
    2. Navigate to HKLM\Software\Policies\Google\Chrome\
-   3. If the RemoteAccessHostFirewallTraversal value name does not exist or its value data is not set to 0, then this is a finding.  
+   3. If the RemoteAccessHostFirewallTraversal value name does not exist or its value data is not set to 0, then this is a finding.
 </RawString>
       <ValueData>0</ValueData>
       <ValueName>RemoteAccessHostFirewallTraversal</ValueName>
       <ValueType>Dword</ValueType>
     </Rule>
     <Rule id="V-221559" severity="medium" conversionstatus="pass" title="SRG-APP-000206" dscresource="RegistryPolicyFile">
-      <Description>&lt;VulnDiscussion&gt;Website tracking is the practice of gathering information as to which websites were accesses by a browser. The common method of doing this is to have a website create a tracking cookie on the browser.   If the information of what sites are being accessed is made available to unauthorized persons, this violates confidentiality requirements, and over time poses a significant OPSEC issue. This policy setting allows you to set whether websites are allowed to track the user’s physical location. Tracking the user’s physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location.   
-   1 = Allow sites to track the user’s physical location   
-   2 = Do not allow any site to track the user’s physical location   
+      <Description>&lt;VulnDiscussion&gt;Website tracking is the practice of gathering information as to which websites were accesses by a browser. The common method of doing this is to have a website create a tracking cookie on the browser.   If the information of what sites are being accessed is made available to unauthorized persons, this violates confidentiality requirements, and over time poses a significant OPSEC issue. This policy setting allows you to set whether websites are allowed to track the user’s physical location. Tracking the user’s physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location.
+   1 = Allow sites to track the user’s physical location
+   2 = Do not allow any site to track the user’s physical location
    3 = Ask whenever a site wants to track the user’s physical location&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
       <DuplicateOf />
       <Ensure>Present</Ensure>
@@ -48,8 +48,8 @@ Windows registry:
       <LegacyId>V-44723</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:               
-   1. In the omnibox (address bar) type chrome://policy             
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If DefaultGeolocationSetting is not displayed under the Policy Name column or it is not set to 2, then this is a finding.
 
 Windows method:
@@ -62,8 +62,8 @@ Windows method:
       <ValueType>Dword</ValueType>
     </Rule>
     <Rule id="V-221561" severity="medium" conversionstatus="pass" title="SRG-APP-000141" dscresource="RegistryPolicyFile">
-      <Description>&lt;VulnDiscussion&gt;Chrome allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you disable this policy setting, scripts can continue to create pop-up windows, and pop-ups that hide other windows. Recommend configuring this setting to ‘2’ to help prevent malicious websites from controlling the pop-up windows or fooling users into clicking on the wrong window.  If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.  If this policy is left not set, 'BlockPopups' will be used and the user will be able to change it.    
-   1 = Allow all sites to show pop-ups    
+      <Description>&lt;VulnDiscussion&gt;Chrome allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you disable this policy setting, scripts can continue to create pop-up windows, and pop-ups that hide other windows. Recommend configuring this setting to ‘2’ to help prevent malicious websites from controlling the pop-up windows or fooling users into clicking on the wrong window.  If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.  If this policy is left not set, 'BlockPopups' will be used and the user will be able to change it.
+   1 = Allow all sites to show pop-ups
    2 = Do not allow any site to show pop-ups&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
       <DuplicateOf />
       <Ensure>Present</Ensure>
@@ -72,8 +72,8 @@ Windows method:
       <LegacyId>V-44719</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
- 1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+ 1. In the omnibox (address bar) type chrome://policy
  2. If DefaultPopupsSetting is not displayed under the Policy Name column or it is not set to 2, then this is a finding.
 
 Windows method:
@@ -95,8 +95,8 @@ Note:  If AO Approved exceptions to this rule have been enabled, this is not a f
       <LegacyId>V-44727</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
- 1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+ 1. In the omnibox (address bar) type chrome://policy
  2. If ExtensionInstallBlocklist is not displayed under the Policy Name column or it is not set to * under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -116,8 +116,8 @@ Windows method:
       <LegacyId>V-44729</LegacyId>
       <OrganizationValueRequired>True</OrganizationValueRequired>
       <OrganizationValueTestString>{0} -eq 'oiigbmnaadbkfbmpbfijlflahbdbdgdf | a list of administrator-approved extension IDs'</OrganizationValueTestString>
-      <RawString>Universal method: 
-1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+1. In the omnibox (address bar) type chrome://policy
 2. If ExtensionInstallAllowlist is not displayed under the Policy Name column or it is not set to oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator approved extension IDs, then this is a finding.
 
 Windows method:
@@ -137,8 +137,8 @@ Windows method:
       <LegacyId>V-44733</LegacyId>
       <OrganizationValueRequired>True</OrganizationValueRequired>
       <OrganizationValueTestString>{0} -eq 'an organization approved encrypted search provider'</OrganizationValueTestString>
-      <RawString>Universal method:        
-   1. In the omnibox (address bar) type chrome://policy        
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If DefaultSearchProviderName is displayed under the Policy Name column or it is not set to an organization approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008(ex. Google Encrypted, Bing Encrypted) under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -161,7 +161,7 @@ Windows method:
       <OrganizationValueTestString>{0} -eq 'an organization-approved encrypted search string'</OrganizationValueTestString>
       <RawString>If the system is on the SIPRNet, this requirement is NA.
 
-Universal method: 
+Universal method:
 1. In the omnibox (address bar) type chrome://policy.
 2. If DefaultSearchProviderSearchURL is not displayed under the Policy Name column or it is not set to an organization-approved encrypted search string (ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} ) under the Policy Value column, this is a finding.
 
@@ -182,8 +182,8 @@ Windows method:
       <LegacyId>V-44737</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
- 1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+ 1. In the omnibox (address bar) type chrome://policy
  2. If DefaultSearchProviderEnabled is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -205,8 +205,8 @@ Note: This policy will only display in the chrome://policy tab on domain joined
       <LegacyId>V-44741</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:           
-   1. In the omnibox (address bar) type chrome://policy           
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If PasswordManagerEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -227,8 +227,8 @@ Windows method:
       <LegacyId>V-44753</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:        
-   1. In the omnibox (address bar) type chrome://policy        
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If BackgroundModeEnabled is not displayed under the Policy Name column and it is not set to false under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -249,8 +249,8 @@ Windows method:
       <LegacyId>V-44759</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:        
-  1. In the omnibox (address bar) type chrome://policy        
+      <RawString>Universal method:
+  1. In the omnibox (address bar) type chrome://policy
   2. If SyncDisabled is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -268,7 +268,7 @@ This policy disables the listed protocol schemes in Google Chrome, URLs using a
       <DuplicateOf />
       <Ensure>Present</Ensure>
       <IsNullOrEmpty>False</IsNullOrEmpty>
-      <Key>HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklis</Key>
+      <Key>HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklist</Key>
       <LegacyId>V-44761</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
@@ -295,8 +295,8 @@ Windows method:
       <LegacyId>V-44765</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:        
-   1. In the omnibox (address bar) type chrome://policy        
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If CloudPrintProxyEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -336,8 +336,8 @@ Windows method:
       <LegacyId>V-44771</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
- 1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+ 1. In the omnibox (address bar) type chrome://policy
  2. If MetricsReportingEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -359,8 +359,8 @@ Note: This policy will only display in the chrome://policy tab on domain joined
       <LegacyId>V-44773</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:        
-   1. In the omnibox (address bar) type chrome://policy        
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If SearchSuggestEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -381,8 +381,8 @@ Windows method:
       <LegacyId>V-44775</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:        
-   1. In the omnibox (address bar) type chrome://policy        
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If ImportSavedPasswords is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -394,9 +394,9 @@ Windows method:
       <ValueType>Dword</ValueType>
     </Rule>
     <Rule id="V-221578" severity="medium" conversionstatus="pass" title="SRG-APP-000080" dscresource="RegistryPolicyFile">
-      <Description>&lt;VulnDiscussion&gt;Incognito mode allows the user to browse the Internet without recording their browsing history/activity.  From a forensics perspective, this is unacceptable.  Best practice requires that browser history is retained.  The "IncognitoModeAvailability" setting controls whether the user may utilize Incognito mode in Google Chrome. If 'Enabled' is selected or the policy is left unset, pages may be opened in Incognito mode. If 'Disabled' is selected, pages may not be opened in Incognito mode. If 'Forced' is selected, pages may be opened ONLY in Incognito mode.   
-   0 = Incognito mode available.    
-   1 = Incognito mode disabled.    
+      <Description>&lt;VulnDiscussion&gt;Incognito mode allows the user to browse the Internet without recording their browsing history/activity.  From a forensics perspective, this is unacceptable.  Best practice requires that browser history is retained.  The "IncognitoModeAvailability" setting controls whether the user may utilize Incognito mode in Google Chrome. If 'Enabled' is selected or the policy is left unset, pages may be opened in Incognito mode. If 'Disabled' is selected, pages may not be opened in Incognito mode. If 'Forced' is selected, pages may be opened ONLY in Incognito mode.
+   0 = Incognito mode available.
+   1 = Incognito mode disabled.
    2 = Incognito mode forced.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
       <DuplicateOf />
       <Ensure>Present</Ensure>
@@ -405,8 +405,8 @@ Windows method:
       <LegacyId>V-44777</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:        
-   1. In the omnibox (address bar) type chrome://policy        
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If IncognitoModeAvailability is not displayed under the Policy Name column or it is not set to 1 under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -427,8 +427,8 @@ Windows method:
       <LegacyId>V-44789</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:        
-   1. In the omnibox (address bar) type chrome://policy        
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If EnableOnlineRevocationChecks is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -455,8 +455,8 @@ If this policy is set to 'EnhancedProtection' (value 2), Safe Browsing is always
       <LegacyId>V-44791</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
- 1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+ 1. In the omnibox (address bar) type chrome://policy
  2. If SafeBrowsingProtectionLevel is not displayed under the Policy Name column or it is not set to 1 or 2 under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -476,8 +476,8 @@ Windows method:
       <LegacyId>V-44793</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method:        
-   1. In the omnibox (address bar) type chrome://policy        
+      <RawString>Universal method:
+   1. In the omnibox (address bar) type chrome://policy
    2. If the policy 'SavingBrowserHistoryDisabled' is not shown or is not set to false, then this is a finding.
 
 Windows method:
@@ -498,8 +498,8 @@ Windows method:
       <LegacyId>V-75165</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
- 1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+ 1. In the omnibox (address bar) type chrome://policy
  2. If the policy "AllowDeletingBrowserHistory" is not shown or is not set to false, this is a finding.
 
 Windows method:
@@ -533,7 +533,7 @@ Windows method:
     <Rule id="V-221588" severity="medium" conversionstatus="pass" title="SRG-APP-000089" dscresource="RegistryPolicyFile">
       <Description>&lt;VulnDiscussion&gt;Configure the type of downloads that Google Chrome will completely block, without letting users override the security decision. If you set this policy, Google Chrome will prevent certain types of downloads, and will not let user bypass the security warnings. When the "Block dangerous downloads" option is chosen, all downloads are allowed, except for those that carry SafeBrowsing warnings. When the "Block potentially dangerous downloads" option is chosen, all downloads allowed, except for those that carry SafeBrowsing warnings of potentially dangerous downloads. When the "Block all downloads" option is chosen, all downloads are blocked.  When this policy is not set, (or the "No special restrictions" option is chosen), the downloads will go through the usual security restrictions based on SafeBrowsing analysis results.
 
-Note that these restrictions apply to downloads triggered from web page content, as well as the 'download link...' context menu option. These restrictions do not apply to the save / download of the currently displayed page, nor does it apply to saving as PDF from the printing options. See https://developers.google.com/safe-browsing for more info on SafeBrowsing. 
+Note that these restrictions apply to downloads triggered from web page content, as well as the 'download link...' context menu option. These restrictions do not apply to the save / download of the currently displayed page, nor does it apply to saving as PDF from the printing options. See https://developers.google.com/safe-browsing for more info on SafeBrowsing.
 0 = No special restrictions
 1 = Block dangerous downloads
 2 = Block potentially dangerous downloads
@@ -594,7 +594,7 @@ If this policy is left not set, ”3” will be used, and the user will be able
       <LegacyId>V-81587</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
+      <RawString>Universal method:
  1. In the omnibox (address bar) type chrome://policy
  2. If "DefaultWebUsbGuardSetting" is not displayed under the "Policy Name" column or it is not set to "2", this is a finding.
 Windows method:
@@ -606,8 +606,8 @@ Windows method:
       <ValueType>Dword</ValueType>
     </Rule>
     <Rule id="V-221592" severity="medium" conversionstatus="pass" title="SRG-APP-000089" dscresource="RegistryPolicyFile">
-      <Description>&lt;VulnDiscussion&gt;If set to “False”, prevents Chrome Cleanup from scanning the system for unwanted software and performing cleanups. Manually triggering Chrome Cleanup from chrome://settings/cleanup is disabled.
-If set to “True” or unset, Chrome Cleanup periodically scans the system for unwanted software and should any be found, will ask the user if they wish to remove it. Manually triggering Chrome Cleanup from chrome://settings is enabled.
+      <Description>&lt;VulnDiscussion&gt;If set to "False", prevents Chrome Cleanup from scanning the system for unwanted software and performing cleanups. Manually triggering Chrome Cleanup from chrome://settings/cleanup is disabled.
+If set to "True" or unset, Chrome Cleanup periodically scans the system for unwanted software and should any be found, will ask the user if they wish to remove it. Manually triggering Chrome Cleanup from chrome://settings is enabled.
 This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
       <DuplicateOf />
       <Ensure>Present</Ensure>
@@ -616,11 +616,11 @@ This policy is available only on Windows instances that are joined to a Microsof
       <LegacyId>V-81591</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
+      <RawString>Universal method:
  1. In the omnibox (address bar) type chrome://policy
  2. If "ChromeCleanupEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding.
 Windows method:
- 1. Start regedit
+ 1. Start regedit.
  2. Navigate to HKLM\Software\Policies\Google\Chrome\
  3. If the "ChromeCleanupEnabled" value name does not exist or its value data is not set to "0", this is a finding.</RawString>
       <ValueData>0</ValueData>
@@ -639,7 +639,7 @@ This policy is available only on Windows instances that are joined to a Microsof
       <LegacyId>V-81593</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
+      <RawString>Universal method:
  1. In the omnibox (address bar) type chrome://policy
  2. If "ChromeCleanupReportingEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding.
 Windows method:
@@ -660,7 +660,7 @@ If this policy set to ”False”, Google Cast will be disabled.&lt;/VulnDiscuss
       <LegacyId>V-81597</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
+      <RawString>Universal method:
  1. In the omnibox (address bar) type chrome://policy
  2. If "EnableMediaRouter" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding.
 Windows method:
@@ -682,7 +682,7 @@ If the policy is set to "True", Google Chrome is allowed to autoplay media. If t
       <LegacyId>V-81581</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
+      <RawString>Universal method:
  1. In the omnibox (address bar) type chrome://policy
  2. If "AutoplayAllowed" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding.
 Windows method:
@@ -727,7 +727,7 @@ If this policy is left not set, URL-keyed anonymized data collection will be ena
       <LegacyId>V-91203</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
+      <RawString>Universal method:
 1. In the omnibox (address bar) type chrome://policy
 2. If "UrlKeyedAnonymizedDataCollectionEnabled" is not displayed under the “Policy Name” column or it is not set to "0" under the “Policy Value” column, this is a finding.
 Windows method:
@@ -770,8 +770,8 @@ Windows method:
       <LegacyId>V-97525</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
-1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+1. In the omnibox (address bar) type chrome://policy
 2. If the policy "DeveloperToolsAvailability" is not shown or is not set to "2", this is a finding.
 
 Windows method:
@@ -793,8 +793,8 @@ If this policy is set to false, Google Chrome will not allow guest profiles to b
       <LegacyId>V-102867</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
-1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+1. In the omnibox (address bar) type chrome://policy
 2. If BrowserGuestModeEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding.
 
 Windows method:
@@ -817,8 +817,8 @@ If this setting is enabled or has no value, the user will be able to control Aut
       <LegacyId>V-102869</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
-1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+1. In the omnibox (address bar) type chrome://policy
 2. If AutofillCreditCardEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding.
 
 Windows method:
@@ -841,8 +841,8 @@ If this setting is enabled or has no value, the user will be able to control Aut
       <LegacyId>V-102871</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
-1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+1. In the omnibox (address bar) type chrome://policy
 2. If AutofillAddressEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding.
 
 Windows method:
@@ -865,8 +865,8 @@ If it is not set, the user may be asked whether to import, or importing may happ
       <LegacyId>V-102873</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
-1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+1. In the omnibox (address bar) type chrome://policy
 2. If ImportAutofillFormData is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding.
 
 Windows method:
@@ -891,7 +891,7 @@ When set, Google Chrome will not use SSL/TLS versions less than the specified ve
       <LegacyId>V-81583</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
+      <RawString>Universal method:
  1. In the omnibox (address bar) type chrome://policy
  2. If "SSLVersionMin" is not displayed under the "Policy Name" column or it is not set to "tls1.2", this is a finding.
 Windows method:
@@ -916,8 +916,8 @@ Leaving the policy unset lets sites ask for access, but users can change this se
       <LegacyId>V-26961</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
-1. In the omnibox (address bar) type chrome://policy 
+      <RawString>Universal method:
+1. In the omnibox (address bar) type chrome://policy
 2. If DefaultWebBluetoothGuardSetting is not displayed under the Policy Name column or it is not set to 2 under the Policy Value column, then this is a finding.
 
 Windows method:
@@ -942,7 +942,7 @@ Setting the policy to Disabled disallows the use of QUIC protocol.&lt;/VulnDiscu
       </LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
+      <RawString>Universal method:
 1. In the omnibox (address bar), type chrome://policy.
 2. If QuicAllowed is not displayed under the Policy Name column or it is not set to False under the Policy Value column, this is a finding.
 
@@ -966,7 +966,7 @@ For URLs not covered by the patterns specified here, or for all URLs if this pol
       </LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Universal method: 
+      <RawString>Universal method:
 1. In the omnibox (address bar) type chrome://policy.
 2. If the policy "CookiesSessionOnlyForUrls" exists and has any defined values, this is a finding.
 

source/StigData/Processed/IISServer-10.0-2.7.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R7_Manual-xccdf.xml" releaseinfo="Release: 7 Benchmark Date: 27 Oct 2022 3.4.0.34222 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.7" created="11/28/2022">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R7_Manual-xccdf.xml" releaseinfo="Release: 7 Benchmark Date: 27 Oct 2022 3.4.0.34222 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.7" created="2/14/2023">
   <DocumentRule dscresourcemodule="None">
     <Rule id="V-218784" severity="medium" conversionstatus="pass" title="SRG-APP-000015-WSR-000014" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Logging onto a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can easily be compromised. When performing remote administrative tasks, a protocol or service that encrypts the communication channel must be used.
@@ -958,8 +958,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>System</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>FullControl</Rights>
         </Entry>
         <Entry>
@@ -967,8 +966,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>Administrators</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>FullControl</Rights>
         </Entry>
         <Entry>
@@ -976,8 +974,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>TrustedInstaller</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>FullControl</Rights>
         </Entry>
         <Entry>
@@ -985,8 +982,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>ALL APPLICATION PACKAGES</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>ReadAndExecute</Rights>
         </Entry>
         <Entry>
@@ -994,8 +990,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>ALL RESTRICTED APPLICATION PACKAGES</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>ReadAndExecute</Rights>
         </Entry>
         <Entry>
@@ -1003,8 +998,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>Users</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>ReadAndExecute,ListDirectory</Rights>
         </Entry>
         <Entry>

source/StigData/Processed/IISServer-10.0-2.8.org.default.xml

@@ -1,13 +1,13 @@
-<!--
-    The organizational settings file is used to define the local organizations
-    preferred setting within an allowed range of the STIG.
-
-    Each setting in this file is linked by STIG ID and the valid range is in an
-    associated comment.
--->
-<OrganizationalSettings fullversion="2.6">
-  <!-- Ensure ''V-218785'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
-  <OrganizationalSetting id="V-218785" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
-  <!-- Ensure ''V-218805.a'' -le '00:20:00'-->
-  <OrganizationalSetting id="V-218805.a" Value="00:20:00" />
-</OrganizationalSettings>
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="2.8">
+  <!-- Ensure ''V-218785'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
+  <OrganizationalSetting id="V-218785" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
+  <!-- Ensure ''V-218805.a'' -le '00:20:00'-->
+  <OrganizationalSetting id="V-218805.a" Value="00:20:00" />
+</OrganizationalSettings>

source/StigData/Processed/IISServer-8.5-2.5.org.default.xml

@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.3">
+<OrganizationalSettings fullversion="2.5">
   <!-- Ensure ''V-214400'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
   <OrganizationalSetting id="V-214400" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
   <!-- Ensure ''V-214420.b'' -le '00:20:00'-->

source/StigData/Processed/IISServer-8.5-2.5.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_8-5_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_8-5_Server_STIG_V2R3_Manual-xccdf.xml" releaseinfo="Release: 3 Benchmark Date: 27 Oct 2021 3.2.2.36079 1.10.0" title="Microsoft IIS 8.5 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.3" created="11/3/2021">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_8-5_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_8-5_Server_STIG_V2R5_Manual-xccdf.xml" releaseinfo="Release: 5 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Microsoft IIS 8.5 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.5" created="2/3/2023">
   <DocumentRule dscresourcemodule="None">
     <Rule id="V-214399" severity="medium" conversionstatus="pass" title="SRG-APP-000015-WSR-000014" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Logging onto a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can easily be compromised. When performing remote administrative tasks, a protocol or service that encrypts the communication channel must be used.
@@ -776,9 +776,10 @@ Open the IIS 8.5 Manager.
 
 Click the IIS 8.5 web server name.
 
-Double-click the “.NET Authorization Rules” icon.
+Double-click the ".NET Authorization Rules" icon.
 
-If any groups other than “Administrators” are listed, this is a finding.</RawString>
+Ensure "All Users" is set to "Allow", and "Anonymous Users" is set to "Deny", otherwise this is a finding.
+If any other rules are present, this is a finding.</RawString>
     </Rule>
     <Rule id="V-214442" severity="medium" conversionstatus="pass" title="SRG-APP-000001-WSR-000001" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a website, facilitating a Denial of Service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive (i.e., a parameter used to limit the amount of time a connection may be inactive).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>

source/StigData/Processed/IISSite-8.5-2.7.org.default.xml

@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.5">
+<OrganizationalSettings fullversion="2.7">
   <!-- Ensure ''V-214448'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
   <OrganizationalSetting id="V-214448" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
   <!-- Ensure 'V-214464' -le 4096-->
@@ -20,8 +20,6 @@
   <OrganizationalSetting id="V-214475" Value="00:20:00" />
   <!-- Ensure 'V-214485' -ne 0-->
   <OrganizationalSetting id="V-214485" Value="35000" />
-  <!-- Ensure 'V-214487' -ne 0-->
-  <OrganizationalSetting id="V-214487" Value="1000000" />
   <!-- Ensure ''V-214488'' 'Value must contain Time and Schedule but can contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'-->
   <OrganizationalSetting id="V-214488" Value="'Time,Requests,Schedule,Memory,IsapiUnhealthy,OnDemand,ConfigChange,PrivateMemory'" />
   <!-- Ensure 'V-214489' -le 1000-->

source/StigData/Processed/Office-365ProPlus-2.8.org.default.xml

@@ -5,17 +5,17 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.6">
+<OrganizationalSettings fullversion="2.8">
   <!-- Ensure 'V-223282' is 2|3|4-->
   <OrganizationalSetting id="V-223282" ValueData="3" />
   <!-- Ensure 'V-223288' is 6-->
   <OrganizationalSetting id="V-223288" ValueData="6" />
-  <!-- Ensure 'V-223311' is 2|3|4-->
+  <!-- Ensure 'V-223311' is 3|4-->
   <OrganizationalSetting id="V-223311" ValueData="3" />
   <!-- Ensure 'V-223333' is 1|DoesNotExist-->
   <OrganizationalSetting id="V-223333" ValueData="1" />
   <!-- Ensure 'V-223335' is 1|DoesNotExist-->
-<OrganizationalSetting id="V-223335" ValueData="1" />
+  <OrganizationalSetting id="V-223335" ValueData="1" />
   <!-- Ensure 'V-223340' is 0|DoesNotExist-->
   <OrganizationalSetting id="V-223340" ValueData="0" />
   <!-- Ensure 'V-223341' is 0|DoesNotExist-->
@@ -36,7 +36,7 @@
   <OrganizationalSetting id="V-223381" ValueData="0" />
   <!-- Ensure 'V-223388.a' is 1|DoesNotExist-->
   <OrganizationalSetting id="V-223388.a" ValueData="1" />
-  <!-- Ensure 'V-223392' is 2|3|4-->
+  <!-- Ensure 'V-223392' is 3|4-->
   <OrganizationalSetting id="V-223392" ValueData="3" />
   <!-- Ensure 'V-223393' is 2|3|4-->
   <OrganizationalSetting id="V-223393" ValueData="3" />

source/StigData/Processed/Office-365ProPlus-2.8.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="MS_Office_365_ProPlus_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_Office_365_ProPlus_STIG_V2R6_Manual-xccdf.xml" releaseinfo="Release: 6 Benchmark Date: 27 Jul 2022 3.3.0.27375 1.10.0" title="Microsoft Office 365 ProPlus Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.6" created="8/23/2022">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="MS_Office_365_ProPlus_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_Office_365_ProPlus_STIG_V2R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Microsoft Office 365 ProPlus Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.8" created="2/3/2023">
   <DocumentRule dscresourcemodule="None">
     <Rule id="V-223296" severity="medium" conversionstatus="pass" title="SRG-APP-000207" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring this setting could allow malicious code or users to become active on user computers or the network. For example, a malicious user can monitor and then use keystrokes that user's type into Internet Explorer. Even legitimate add-ons may demand resources, compromising the performance of Internet Explorer and the operating systems for user computers.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@@ -743,14 +743,13 @@ If you enable this policy setting, you can choose from four options for determin
       <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security</Key>
       <LegacyId>V-99697</LegacyId>
       <OrganizationValueRequired>True</OrganizationValueRequired>
-      <OrganizationValueTestString>{0} is 2|3|4</OrganizationValueTestString>
-      <RawString>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Excel 2016 &gt;&gt; Application Settings &gt;&gt; Security &gt;&gt; Trust Center &gt;&gt; "VBA macro Notification Settings" is set to "Enabled" and "Disable all except digitally signed macros" from the Options. 
+      <OrganizationValueTestString>{0} is 3|4</OrganizationValueTestString>
+      <RawString>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Excel 2016 &gt;&gt; Excel Options &gt;&gt; Security &gt;&gt; Trust Center &gt;&gt; "Macro Notification Settings" is set to "Enabled" and "Disable VBA macros except digitally signed macros" from the Options is selected.
 
 Use the Windows Registry Editor to navigate to the following key:
-
 HKCU\software\policies\Microsoft\office\16.0\excel\security
 
-If the value vbawarnings is REG_DWORD = 3, this is not a finding. Values of REG_DWORD = 2 or 4 are also acceptable. If the registry key does not exist or the value is REG_DWORD =1, this is a finding.</RawString>
+If the value vbawarnings is REG_DWORD = 3, this is not a finding. A value of REG_DWORD =  4 are also acceptable. If the registry key does not exist or is not configured properly, this is a finding.</RawString>
       <ValueData />
       <ValueName>vbawarnings</ValueName>
       <ValueType>Dword</ValueType>
@@ -1108,12 +1107,12 @@ Use the Windows Registry Editor to navigate to the following key:
 
 HKCU\software\policies\microsoft\office\16.0\excel\security\fileblock
 
-If the value for xl9597workbooksandtemplates is REG_DWORD = 2, this is not a finding.</RawString>
+If the value for xl95workbooks is REG_DWORD = 2, this is not a finding.</RawString>
       <ValueData>2</ValueData>
-      <ValueName>xl9597workbooksandtemplates</ValueName>
+      <ValueName>xl95workbooks</ValueName>
       <ValueType>Dword</ValueType>
     </Rule>
-    <Rule id="V-223324" severity="medium" conversionstatus="pass" title="SRG-APP-000207" dscresource="None">
+    <Rule id="V-223324" severity="medium" conversionstatus="pass" title="SRG-APP-000207" dscresource="RegistryPolicyFile">
       <Description>&lt;VulnDiscussion&gt;This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy setting, you can specify whether users can open, view, edit, or save files. The options that can be selected are below. Note: Not all options may be available for this policy setting.
 
 - Do not block: The file type will not be blocked.
@@ -1124,7 +1123,7 @@ If the value for xl9597workbooksandtemplates is REG_DWORD = 2, this is not a fin
 - Allow editing and open in Protected View: Both opening and saving of the file type will be blocked, and the option to edit will be enabled. 
 
 If you disable or do not configure this policy setting, the file type will not be blocked.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf>V-223323</DuplicateOf>
+      <DuplicateOf />
       <Ensure>Present</Ensure>
       <IsNullOrEmpty>False</IsNullOrEmpty>
       <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\excel\security\fileblock</Key>
@@ -2936,7 +2935,7 @@ Therefore, if you created a list of trusted publishers in a previous version of
       <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security</Key>
       <LegacyId>V-99861</LegacyId>
       <OrganizationValueRequired>True</OrganizationValueRequired>
-      <OrganizationValueTestString>{0} is 2|3|4</OrganizationValueTestString>
+      <OrganizationValueTestString>{0} is 3|4</OrganizationValueTestString>
       <RawString>Set policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Publisher 2016 &gt;&gt; Security &gt;&gt; Trust Center &gt;&gt; VBA Macro Notification Settings &gt;&gt; VBA Macro Notification Settings to "Enabled" "Disable all except digitally signed macros"
  
 Use the Windows Registry Editor to navigate to the following key: 

source/StigData/Processed/RHEL-7-3.10.org.default.xml

@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="3.8">
+<OrganizationalSettings fullversion="3.10">
   <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of "difok" is set to less than "8", this is a finding." -->
   <OrganizationalSetting id="V-204411" ContainsLine="difok = 8" DoesNotContainPattern="#\s*difok\s*=.*|^\s*difok\s*=\s*(-|)[0-7]$" />
   <!-- Ensure that the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of "minclass" is set to less than "4", this is a finding." -->
@@ -38,6 +38,10 @@
   <OrganizationalSetting id="V-204576" Contents="* hard maxlogins 10" />
   <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
   <OrganizationalSetting id="V-204579.b" ContainsLine="declare -xr TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/bashrc" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
+  <OrganizationalSetting id="V-204579.c" ContainsLine="declare -xr TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
+  <OrganizationalSetting id="V-204579.d" ContainsLine="declare -xr TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
   <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ClientAliveInterval" has a value that is greater than "600" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding." -->
   <OrganizationalSetting id="V-204587" ContainsLine="ClientAliveInterval 600" DoesNotContainPattern="^\s*ClientAliveInterval\s*[0-5]?[0-9]?[0-9]?\s*$|^#\s*ClientAliveInterval.*|^\s*ClientAliveInterval\s*$" />
   <!-- Ensure the "Defaults timestamp_timeout=[value]" must be a number that is greater than or equal to "0" -->
@@ -46,4 +50,6 @@
   <OrganizationalSetting id="V-244557" ContainsLine="" DoesNotContainPattern="" />
   <!-- Ensure "set superusers =" is set to a unique name in /boot/efi/EFI/redhat/grub.cfg-->
   <OrganizationalSetting id="V-244558" ContainsLine="" DoesNotContainPattern="" />
+  <!-- Ensure Specify either tmux or screen depending on preference-->
+  <OrganizationalSetting id="V-255926" Name="" />
 </OrganizationalSettings>

source/StigData/Processed/Ubuntu-18.04-2.10.org.default.xml

@@ -1,43 +1,43 @@
-<!--
-    The organizational settings file is used to define the local organizations
-    preferred setting within an allowed range of the STIG.
-
-    Each setting in this file is linked by STIG ID and the valid range is in an
-    associated comment.
--->
-<OrganizationalSettings fullversion="2.8">
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the space_left_action parameter is set to "email" set the action_mail_acct parameter to an e-mail address for the System Administrator (SA) and Information System Security Officer (ISSO). If the space_left_action parameter is set to "exec", make sure the command being execute notifies the System Administrator (SA) and Information System Security Officer (ISSO).-->
-  <OrganizationalSetting id="V-219152.a" ContainsLine="space_left_action = email" DoesNotContainPattern="^#\s*space_left_action.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: Set the space_left parameter to be, at least, 25% of the repository maximum audit record storage capacity. -->
-  <OrganizationalSetting id="V-219152.b" ContainsLine="" DoesNotContainPattern="" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the remote_server parameter is not set or is set with a local address, or is set with invalid address, this is a finding i.e.: remote_server = <your remote audit log server ip>-->
-  <OrganizationalSetting id="V-219153.c" ContainsLine="" DoesNotContainPattern="" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "ucredit" parameter is greater than "-1", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219172" ContainsLine="ucredit=-1" DoesNotContainPattern="^#\s*ucredit.*$|^ucredit\s*=\s*(?!-1\b)\w*$" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "lcredit" parameter is greater than "-1", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219173" ContainsLine="lcredit=-1" DoesNotContainPattern="^#\s*lcredit.*$|^lcredit\s*=\s*(?!-1\b)\w*$" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "dcredit" parameter is greater than "-1", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219174" ContainsLine="dcredit=-1" DoesNotContainPattern="^#\s*dcredit.*$|^dcredit\s*=\s*(?!-1\b)\w*$" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "difok" parameter is less than "8", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219175" ContainsLine="difok=8" DoesNotContainPattern="^\s*difok\s*=\s*(-|)[0-7]$|#\s*difok\s*=.*|difok\s+=\s+.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ENCRYPT_METHOD" does not equal SHA512 or greater, this is a finding." -->
-  <OrganizationalSetting id="V-219176" ContainsLine="ENCRYPT_METHOD SHA512" DoesNotContainPattern="#\s*ENCRYPT_METHOD\s*SHA512" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "PASS_MIN_DAYS" parameter value is less than 1, or commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219178" ContainsLine="PASS_MIN_DAYS 1" DoesNotContainPattern="^\s*PASS_MIN_DAYS\s*[0]*$|#\s*PASS_MIN_DAYS.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "PASS_MAX_DAYS" parameter value is less than 60, or commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219179" ContainsLine="PASS_MAX_DAYS 60" DoesNotContainPattern="^\s*PASS_MAX_DAYS\s*([6][1-9]|[7-9][0-9]|\d{3,})$|#\s*PASS_MAX_DAYS.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "minlen" parameter value is not 15 or higher, or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219181" ContainsLine="minlen=15" DoesNotContainPattern="^\s*minlen\s*=\s*([0-9]|[1][1-4])$|#\s*minlen.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "ocredit" parameter is greater than "-1", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219210" ContainsLine="ocredit=-1" DoesNotContainPattern="^#\s*ocredit.*$|^ocredit\s*=\s*(?!-1)\w*$" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of the "action_mail_acct" keyword is not set to "root" and/or other accounts for security personnel, the "action_mail_acct" keyword is missing, or the returned line is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219226" ContainsLine="action_mail_acct = root" DoesNotContainPattern="#\s*action_mail_acct\s*=\s*root" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding. -->
-  <OrganizationalSetting id="V-219227" ContainsLine="disk_full_action = HALT" DoesNotContainPattern="#\s*disk_full_action.*|^\s*disk_full_action\s*=\s*(?!HALT\b)\w+" />
-    <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "maxlogins" item is missing, or the value is not set to 10 or less, or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219301" ContainsLine="* hard maxlogins 10" DoesNotContainPattern="^\s*\*\s*hard\s*maxlogins\s*([1][1-9]|[2-9]\d+|[1-9][0-9]\d+)$|^#\s*\*\s*hard\s*maxlogins." />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/autologout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
-  <OrganizationalSetting id="V-219303.b" ContainsLine="TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
-  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ClientAliveInterval" does not exist, is not set to a value of "600" or less in "/etc/ssh/sshd_config", or is commented out, this is a finding." -->
-  <OrganizationalSetting id="V-219311" ContainsLine="ClientAliveInterval 600" DoesNotContainPattern="^\s*ClientAliveInterval\s*[0-5]?[0-9]?[0-9]?\s*$|^#\s*ClientAliveInterval.*|^\s*ClientAliveInterval\s*$" />
-</OrganizationalSettings>
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="2.9">
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the space_left_action parameter is set to "email" set the action_mail_acct parameter to an e-mail address for the System Administrator (SA) and Information System Security Officer (ISSO). If the space_left_action parameter is set to "exec", make sure the command being execute notifies the System Administrator (SA) and Information System Security Officer (ISSO).-->
+  <OrganizationalSetting id="V-219152.a" ContainsLine="space_left_action = email" DoesNotContainPattern="^#\s*space_left_action.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: Set the space_left parameter to be, at least, 25% of the repository maximum audit record storage capacity. -->
+  <OrganizationalSetting id="V-219152.b" ContainsLine="" DoesNotContainPattern="" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the remote_server parameter is not set or is set with a local address, or is set with invalid address, this is a finding i.e.: remote_server = <your remote audit log server ip>-->
+  <OrganizationalSetting id="V-219153.c" ContainsLine="" DoesNotContainPattern="" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "ucredit" parameter is greater than "-1", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219172" ContainsLine="ucredit=-1" DoesNotContainPattern="^#\s*ucredit.*$|^ucredit\s*=\s*(?!-1\b)\w*$" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "lcredit" parameter is greater than "-1", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219173" ContainsLine="lcredit=-1" DoesNotContainPattern="^#\s*lcredit.*$|^lcredit\s*=\s*(?!-1\b)\w*$" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "dcredit" parameter is greater than "-1", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219174" ContainsLine="dcredit=-1" DoesNotContainPattern="^#\s*dcredit.*$|^dcredit\s*=\s*(?!-1\b)\w*$" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "difok" parameter is less than "8", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219175" ContainsLine="difok=8" DoesNotContainPattern="^\s*difok\s*=\s*(-|)[0-7]$|#\s*difok\s*=.*|difok\s+=\s+.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ENCRYPT_METHOD" does not equal SHA512 or greater, this is a finding." -->
+  <OrganizationalSetting id="V-219176" ContainsLine="ENCRYPT_METHOD SHA512" DoesNotContainPattern="#\s*ENCRYPT_METHOD\s*SHA512" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "PASS_MIN_DAYS" parameter value is less than 1, or commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219178" ContainsLine="PASS_MIN_DAYS 1" DoesNotContainPattern="^\s*PASS_MIN_DAYS\s*[0]*$|#\s*PASS_MIN_DAYS.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "PASS_MAX_DAYS" parameter value is less than 60, or commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219179" ContainsLine="PASS_MAX_DAYS 60" DoesNotContainPattern="^\s*PASS_MAX_DAYS\s*([6][1-9]|[7-9][0-9]|\d{3,})$|#\s*PASS_MAX_DAYS.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "minlen" parameter value is not 15 or higher, or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219181" ContainsLine="minlen=15" DoesNotContainPattern="^\s*minlen\s*=\s*([0-9]|[1][1-4])$|#\s*minlen.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "ocredit" parameter is greater than "-1", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219210" ContainsLine="ocredit=-1" DoesNotContainPattern="^#\s*ocredit.*$|^ocredit\s*=\s*(?!-1)\w*$" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of the "action_mail_acct" keyword is not set to "root" and/or other accounts for security personnel, the "action_mail_acct" keyword is missing, or the returned line is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219226" ContainsLine="action_mail_acct = root" DoesNotContainPattern="#\s*action_mail_acct\s*=\s*root" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding. -->
+  <OrganizationalSetting id="V-219227" ContainsLine="disk_full_action = HALT" DoesNotContainPattern="#\s*disk_full_action.*|^\s*disk_full_action\s*=\s*(?!HALT\b)\w+" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "maxlogins" item is missing, or the value is not set to 10 or less, or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219301" ContainsLine="* hard maxlogins 10" DoesNotContainPattern="^\s*\*\s*hard\s*maxlogins\s*([1][1-9]|[2-9]\d+|[1-9][0-9]\d+)$|^#\s*\*\s*hard\s*maxlogins." />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/autologout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
+  <OrganizationalSetting id="V-219303.b" ContainsLine="TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ClientAliveInterval" does not exist, is not set to a value of "600" or less in "/etc/ssh/sshd_config", or is commented out, this is a finding." -->
+  <OrganizationalSetting id="V-219311" ContainsLine="ClientAliveInterval 600" DoesNotContainPattern="^\s*ClientAliveInterval\s*[0-5]?[0-9]?[0-9]?\s*$|^#\s*ClientAliveInterval.*|^\s*ClientAliveInterval\s*$" />
+</OrganizationalSettings>

source/StigData/Processed/WindowsServer-2022-DC-1.1.org.default.xml

@@ -0,0 +1,95 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="1.1">
+  <!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
+  <OrganizationalSetting id="V-254248" ServiceName="" StartupType="" />
+  <!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
+  <OrganizationalSetting id="V-254265" ServiceName="" StartupType="" />
+  <!-- Ensure ''V-254343.b'' -match '1|3'-->
+  <OrganizationalSetting id="V-254343.b" ValueData="1" />
+  <!-- Ensure ''V-254344'' -match '1|3|8|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-254344" ValueData="8" />
+  <!-- Ensure ''V-254356'' -match '0|1'-->
+  <OrganizationalSetting id="V-254356" ValueData="1" />
+  <!-- Ensure ''V-254357'' -match '0|1|2|99|100'-->
+  <OrganizationalSetting id="V-254357" ValueData="100" />
+  <!-- Ensure ''V-254358'' -ge '32768'-->
+  <OrganizationalSetting id="V-254358" ValueData="32768" />
+  <!-- Ensure ''V-254359'' -ge '196608'-->
+  <OrganizationalSetting id="V-254359" ValueData="196608" />
+  <!-- Ensure ''V-254360'' -ge '32768'-->
+  <OrganizationalSetting id="V-254360" ValueData="32768" />
+  <!-- Ensure ''V-254387'' -le '600' -and ''V-254387'' -ne '0'-->
+  <OrganizationalSetting id="V-254387" PolicyValue="600" />
+  <!-- Ensure ''V-254388'' -le '10' -and ''V-254388'' -ne '0'-->
+  <OrganizationalSetting id="V-254388" PolicyValue="10" />
+  <!-- Ensure ''V-254389'' -le '7'-->
+  <OrganizationalSetting id="V-254389" PolicyValue="7" />
+  <!-- Ensure ''V-254390'' -le '5'-->
+  <OrganizationalSetting id="V-254390" PolicyValue="5" />
+  <!-- Ensure location for DoD Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254442.a" Location="" />
+  <!-- Ensure location for DoD Root CA 3 certificate is present-->
+  <OrganizationalSetting id="V-254442.b" Location="" />
+  <!-- Ensure location for DoD Root CA 4 certificate is present-->
+  <OrganizationalSetting id="V-254442.c" Location="" />
+  <!-- Ensure location for DoD Root CA 5 certificate is present-->
+  <OrganizationalSetting id="V-254442.d" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254443.a" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 1 certificate is present-->
+  <OrganizationalSetting id="V-254443.b" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254444.a" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254444.b" Location="" />
+  <!-- Ensure ''V-254454'' -le '30' -and ''V-254454'' -gt '0'-->
+  <OrganizationalSetting id="V-254454" ValueData="30" />
+  <!-- Ensure ''V-254456'' -le '900' -and ''V-254456'' -gt '0'-->
+  <OrganizationalSetting id="V-254456" ValueData="900" />
+  <!-- Ensure 'V-254457' is set to the required legal notice before logon-->
+  <OrganizationalSetting id="V-254457" ValueData="You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
+
+-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
+
+-At any time, the USG may inspect and seize data stored on this IS.
+
+-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
+
+-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
+
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." />
+  <!-- Ensure ''V-254458'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
+  <OrganizationalSetting id="V-254458" ValueData="DoD Notice and Consent Banner" />
+  <!-- Ensure ''V-254459'' -match '1|2'-->
+  <OrganizationalSetting id="V-254459" ValueData="1" />
+  <!-- Ensure ''V-254484'' -match '1|2'-->
+  <OrganizationalSetting id="V-254484" ValueData="1" />
+  <!-- Ensure ''V-254285'' -ge '15' -or ''V-254285'' -eq '0'-->
+  <OrganizationalSetting id="V-254285" PolicyValue="15" />
+  <!-- Ensure ''V-254286'' -le '3' -and ''V-254286'' -ne '0'-->
+  <OrganizationalSetting id="V-254286" PolicyValue="3" />
+  <!-- Ensure ''V-254287'' -ge '15'-->
+  <OrganizationalSetting id="V-254287" PolicyValue="15" />
+  <!-- Ensure ''V-254288'' -ge '24'-->
+  <OrganizationalSetting id="V-254288" PolicyValue="24" />
+  <!-- Ensure ''V-254289'' -le '60' -and ''V-254289'' -ne '0'-->
+  <OrganizationalSetting id="V-254289" PolicyValue="60" />
+  <!-- Ensure ''V-254290'' -ne '0'-->
+  <OrganizationalSetting id="V-254290" PolicyValue="1" />
+  <!-- Ensure ''V-254291'' -ge '14'-->
+  <OrganizationalSetting id="V-254291" PolicyValue="14" />
+  <!-- Ensure ''V-254447'' -ne 'Administrator'-->
+  <OrganizationalSetting id="V-254447" OptionValue="" />
+  <!-- Ensure ''V-254448'' -ne 'Guest'-->
+  <OrganizationalSetting id="V-254448" OptionValue="" />
+  <!-- Ensure ''V-254499'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
+  <OrganizationalSetting id="V-254499" Identity="Administrators" />
+</OrganizationalSettings>

source/StigData/Processed/WindowsServer-2022-MS-1.1.org.default.xml

@@ -0,0 +1,91 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="1.1">
+  <!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
+  <OrganizationalSetting id="V-254248" ServiceName="" StartupType="" />
+  <!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
+  <OrganizationalSetting id="V-254265" ServiceName="" StartupType="" />
+  <!-- Ensure ''V-254343.b'' -match '1|3'-->
+  <OrganizationalSetting id="V-254343.b" ValueData="1" />
+  <!-- Ensure ''V-254344'' -match '1|3|8|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-254344" ValueData="8" />
+  <!-- Ensure ''V-254356'' -match '0|1'-->
+  <OrganizationalSetting id="V-254356" ValueData="1" />
+  <!-- Ensure ''V-254357'' -match '0|1|2|99|100'-->
+  <OrganizationalSetting id="V-254357" ValueData="100" />
+  <!-- Ensure ''V-254358'' -ge '32768'-->
+  <OrganizationalSetting id="V-254358" ValueData="32768" />
+  <!-- Ensure ''V-254359'' -ge '196608'-->
+  <OrganizationalSetting id="V-254359" ValueData="196608" />
+  <!-- Ensure ''V-254360'' -ge '32768'-->
+  <OrganizationalSetting id="V-254360" ValueData="32768" />
+  <!-- Ensure ''V-254432'' -le '4'-->
+  <OrganizationalSetting id="V-254432" ValueData="4" />
+  <!-- Ensure location for DoD Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254442.a" Location="" />
+  <!-- Ensure location for DoD Root CA 3 certificate is present-->
+  <OrganizationalSetting id="V-254442.b" Location="" />
+  <!-- Ensure location for DoD Root CA 4 certificate is present-->
+  <OrganizationalSetting id="V-254442.c" Location="" />
+  <!-- Ensure location for DoD Root CA 5 certificate is present-->
+  <OrganizationalSetting id="V-254442.d" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254443.a" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 1 certificate is present-->
+  <OrganizationalSetting id="V-254443.b" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254444.a" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254444.b" Location="" />
+  <!-- Ensure ''V-254454'' -le '30' -and ''V-254454'' -gt '0'-->
+  <OrganizationalSetting id="V-254454" ValueData="30" />
+  <!-- Ensure ''V-254456'' -le '900' -and ''V-254456'' -gt '0'-->
+  <OrganizationalSetting id="V-254456" ValueData="900" />
+  <!-- Ensure 'V-254457' is set to the required legal notice before logon-->
+  <OrganizationalSetting id="V-254457" ValueData="You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
+
+-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
+
+-At any time, the USG may inspect and seize data stored on this IS.
+
+-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
+
+-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
+
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." />
+  <!-- Ensure ''V-254458'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
+  <OrganizationalSetting id="V-254458" ValueData="DoD Notice and Consent Banner" />
+  <!-- Ensure ''V-254459'' -match '1|2'-->
+  <OrganizationalSetting id="V-254459" ValueData="1" />
+  <!-- Ensure ''V-254484'' -match '1|2'-->
+  <OrganizationalSetting id="V-254484" ValueData="1" />
+  <!-- Ensure ''V-254285'' -ge '15' -or ''V-254285'' -eq '0'-->
+  <OrganizationalSetting id="V-254285" PolicyValue="15" />
+  <!-- Ensure ''V-254286'' -le '3' -and ''V-254286'' -ne '0'-->
+  <OrganizationalSetting id="V-254286" PolicyValue="3" />
+  <!-- Ensure ''V-254287'' -ge '15'-->
+  <OrganizationalSetting id="V-254287" PolicyValue="15" />
+  <!-- Ensure ''V-254288'' -ge '24'-->
+  <OrganizationalSetting id="V-254288" PolicyValue="24" />
+  <!-- Ensure ''V-254289'' -le '60' -and ''V-254289'' -ne '0'-->
+  <OrganizationalSetting id="V-254289" PolicyValue="60" />
+  <!-- Ensure ''V-254290'' -ne '0'-->
+  <OrganizationalSetting id="V-254290" PolicyValue="1" />
+  <!-- Ensure ''V-254291'' -ge '14'-->
+  <OrganizationalSetting id="V-254291" PolicyValue="14" />
+  <!-- Ensure ''V-254435'' -match 'Enterprise Admins,Domain Admins,(Local account and member of Administrators group|Local account),Guests'-->
+  <OrganizationalSetting id="V-254435" Identity="Enterprise Admins,Domain Admins,Local account and member of Administrators group,Guests" />
+  <!-- Ensure ''V-254447'' -ne 'Administrator'-->
+  <OrganizationalSetting id="V-254447" OptionValue="" />
+  <!-- Ensure ''V-254448'' -ne 'Guest'-->
+  <OrganizationalSetting id="V-254448" OptionValue="" />
+  <!-- Ensure ''V-254499'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
+  <OrganizationalSetting id="V-254499" Identity="Administrators" />
+</OrganizationalSettings>