Merge remote-tracking branch 'origin/4.16.0' into dev

Eric Jenkins 2023-03-16 10:10:54 -04:00
Родитель 663c089b0f a68992966c
Коммит 062b18ea98
47 изменённых файлов: 51869 добавлений и 6514 удалений


@ -2,6 +2,17 @@
## [Unreleased]
## [4.16.0] - 2023-03-16
* Update PowerSTIG to Parse/Apply Red Hat Enterprise Linux 7 STIG V3R10: [#1193](https://github.com/microsoft/PowerStig/issues/1193)
* Update PowerSTIG to Parse/Apply CAN_Ubuntu_18-04_LTS_V2R10_STIG: [#1191](https://github.com/microsoft/PowerStig/issues/1191)
* Update PowerSTIG to Parse/Apply Microsoft IIS 10.0 STIG V2R8: [#1196](https://github.com/microsoft/PowerStig/issues/1196)
* Update PowerSTIG to Parse/Apply Google Chrome V2R8 [#1192](https://github.com/microsoft/PowerStig/issues/1192)
* Update PowerSTIG to Parse/Apply Microsoft IIS 8.5 Site V2R7 & Server STIG V2R5 [#1195](https://github.com/microsoft/PowerStig/issues/1195)
* Update PowerSTIG to Parse/Apply Microsoft Office 365 ProPlus V2R8 #1194: [#1194](https://github.com/microsoft/PowerStig/issues/1194)
* Update PowerSTIG to Parse/Apply Microsoft Windows Server 2022 V1R1 STIG - Ver 1, Rel 1: [#1190](https://github.com/microsoft/PowerStig/issues/1190)
* Update Readme to reflect all covered technologies [#1184](https://github.com/microsoft/PowerStig/issues/1184)
## [4.15.0] - 2022-12-29
* Update PowerSTIG to Parse/Apply Canonical Ubuntu 18.04 LTS STIG - Ver 2, Rel 9: [#1164](https://github.com/microsoft/PowerStig/issues/1164)


@ -1,156 +1,160 @@
# PowerSTIG File Hashes : Module Version 4.15.0
# PowerSTIG File Hashes : Module Version 4.16.0
Hashes for **PowerSTIG** files are listed in the following table:
| File | SHA256 Hash | Size (bytes) |
| :---- | ---- | ---: |
| Adobe-AcrobatPro-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
| Adobe-AcrobatPro-2.1.xml | 04AB72A08B8BEAD381DE0AB0BE5AD762D1ECE5428139A7A6CE2ABD2CC8B6118B | 54113 |
| Adobe-AcrobatReader-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 |
| Adobe-AcrobatReader-1.6.xml | 0FEFDC7088E15320B2E94D52A718512DB3B677FB37D2AD0B00AE40E2CE89ADC1 | 54786 |
| Adobe-AcrobatReader-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
| Adobe-AcrobatReader-2.1.xml | D4EB78A7A898274EA19F9067236068E267387E853D4877C12E944ADD9778750F | 55467 |
| DotNetFramework-4-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
| DotNetFramework-4-2.1.xml | 4D6A3404C39C2846B686E97D66B78F9B1D1F921520CF1A276CF3CE39FD1F2938 | 57332 |
| DotNetFramework-4-2.2.org.default.xml | 4A5C75A3C0B8E0252DBFDF39D2B68C4172CD36DD8C167575070005A4AE65DA1B | 297 |
| DotNetFramework-4-2.2.xml | 8E4AB02FE2C34C76FA578CADC767F323E714C9B8DAF6373E922EDC2B93A89D6D | 57276 |
| FireFox-All-5.1.org.default.xml | E7C6EC873CBA03D49FAC68B22CD558C1D0108B32D441BEF3C5BD48EB3B95B911 | 297 |
| FireFox-All-5.1.xml | B285EFC9F6A51899D65DC601ACF60A351C087A9C1E6C58F8E499B86BC92F599F | 46615 |
| FireFox-All-5.2.org.default.xml | 9B72F155F7A22AEF2201C6CE20EC05E50FEF8B9EF8DA02AB5EDF920A16B18CC2 | 297 |
| FireFox-All-5.2.xml | D19F32C9F4AA0DD54C38CAF228CF4CC1C2C5E0CD2C5EA8C726768A0DCD8B3D44 | 46744 |
| Google-Chrome-2.6.org.default.xml | 7C81D2916C14787A5B0009A1E9CE9C41FF5E33235B35BDDE4467104F79082215 | 990 |
| Google-Chrome-2.6.xml | 113ACBBA58E7578BC2B550DFAF4256E0B56C441AC8CD5DC80F6C63CD36C5668F | 93353 |
| Google-Chrome-2.7.org.default.xml | 9B1559EAC6822D505F9BCA3C91570DA4818E3D5ACC6B836E774F2CBD621EB598 | 990 |
| Google-Chrome-2.7.xml | EFB0D58A0B2B66020695A79396039A7D93848C13F65648D3079A47749CEAC715 | 93355 |
| IISServer-10.0-2.6.org.default.xml | 95A59D5BB86845326537CC9A82DBB798BFEC89508560D1E34449310A03210AA4 | 752 |
| IISServer-10.0-2.6.xml | C03F56D30CFBA90C6AFAD08CB088A0D968D9DA6EB658A1A4A1243E4E2D348896 | 136405 |
| IISServer-10.0-2.7.org.default.xml | F145355FD8DD5CBFE84E3FC76A69E4AF046D2CCCE04F498704F928503F5F5C85 | 739 |
| IISServer-10.0-2.7.xml | 8102C44BE74D7BC1214603BC77B49890E21E3DB7EB4BEA2652817A6EEEAB218A | 135599 |
| IISServer-8.5-2.3.org.default.xml | 5214CE6723F1FDC543275D4C6D626F9C36428CDBEBCF3952F5DDECC9EF052EC5 | 739 |
| IISServer-8.5-2.3.xml | F31E4A7F05EB5D84260F1ED9272254D68170C6E538EEA922C57F44E2D8A98ED5 | 131783 |
| Adobe-AcrobatPro-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
| Adobe-AcrobatPro-2.1.xml | 014A3C048B3C3CF43597155E564EDB802182C3C14E4BE68DEF85B148071FD320 | 54732 |
| Adobe-AcrobatReader-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 |
| Adobe-AcrobatReader-1.6.xml | E5661CDA5DC7B532EED196E7864F70DE96144E010EC6DB5A3ABA921DBC359664 | 55466 |
| Adobe-AcrobatReader-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
| Adobe-AcrobatReader-2.1.xml | 9D48DF1B16B1D22B60CA4AA59B898421119E88CE0A24BB170D8FBAC1C4DD7573 | 56174 |
| DotNetFramework-4-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
| DotNetFramework-4-2.1.xml | D5DE0BFBE10D48D9EB1D7EDBAD55BAB654D6E7D44AC7BDFF6AA33AFB428CCD29 | 57984 |
| DotNetFramework-4-2.2.org.default.xml | 7A8F784B74E6FA1575783B1849B258F4DD6B7CD87B165802CCA6A16839CCA5AD | 305 |
| DotNetFramework-4-2.2.xml | 294B45354DCFFAF12E1B859C64BEB70C27DB3942E32908DF8F259EA0B6503728 | 57926 |
| FireFox-All-5.1.org.default.xml | C945966A44DEE00C73906437983A9BE413F6012F7E796F127545317096170D61 | 305 |
| FireFox-All-5.1.xml | 7221F60B2D2AF30F506229A4A4429F3D1BEFBE07122CA61132407F35AB0BBC7E | 47024 |
| FireFox-All-5.2.org.default.xml | 246A15D8F07D6ABC702CEA0C105CA89F93F36BDB8702C8FF81D960BEB66B9759 | 305 |
| FireFox-All-5.2.xml | C7A987AADBF8B82CF2C200D7412C09D2C3ED4798B1F4E3F5F99DB627155BC909 | 47155 |
| Google-Chrome-2.7.org.default.xml | 2C72514682BD1028908E63B2F5BAC8A72D5CC35CD1C402BA48EDFC4C5545BD1C | 1009 |
| Google-Chrome-2.7.xml | 9F538B3A661952B4FB4AA38F7CBFEDFB8157B843A2F7046CEB918243FB751363 | 94337 |
| Google-Chrome-2.8.org.default.xml | FE3FC2904EF4CC4D17D6911070C5B6C2CE86F279E7EE7487A2DA7F83F83066D0 | 1009 |
| Google-Chrome-2.8.xml | 09AC14A7D31C20FC91E6DD7406CF22A775CA596AE2DF850A963C915DF483C9BC | 94052 |
| IISServer-10.0-2.7.org.default.xml | ECA311FFECCBCEADB27A2F7CF1FD88C489EDF98206D65C755FBD794437E4852A | 752 |
| IISServer-10.0-2.7.xml | B8757CCF4C8AA892346C70DD8312C3059ACEDDA0A730D0D7FAC190796EBCBE17 | 137334 |
| IISServer-10.0-2.8.org.default.xml | 8482D17674D96660A2E213FDDC2A93552E81C3A4D96A43F8BC6DF08342E388C9 | 752 |
| IISServer-10.0-2.8.xml | BE89F02F51BCEC375D64FA0CC94990E4CC501B8B640A761FB2B35D7C985C77B4 | 137396 |
| IISServer-8.5-2.4.org.default.xml | 8034D2946139C2F0A6C93192F60CCE03C7DBEBEBDFA1F2C1FB01BE9597D873BB | 752 |
| IISServer-8.5-2.4.xml | 081C0F929BF700DD594719DE11E343660DFB906716916DFB28BCDA4F41896685 | 132589 |
| IISServer-8.5-2.5.org.default.xml | 956622CF2F23549C3AA1660AAC823D5EF0DD73A9C193303D142FD168D4CBDEE5 | 752 |
| IISServer-8.5-2.5.xml | 0F8D082DB66148BE08F530F523B7B2B55124F57ACF5EEB05D699151F07B71B1B | 133450 |
| IISSite-10.0-2.6.org.default.xml | 1C1E203AB4D6971068E09CBEB35C9C39BCA13B271C9EFE4FB95BBB9DC2957F91 | 1413 |
| IISSite-10.0-2.6.xml | 4FA0844B38F05E4BCDE6B4D01CF3A3C08DBDFDF78A33B4EED2432EE8F06F577B | 113306 |
| IISSite-10.0-2.7.org.default.xml | 66043BE739DA43C4D041D790961D28396707A71FC0EC7DC1C2C53112AF96F13B | 1388 |
| IISSite-10.0-2.7.xml | C60114335C33CF0A6AD3C11B837428FE920E528F0AC79AA08A608B2D6F2AA925 | 110678 |
| IISSite-8.5-2.5.org.default.xml | 1CC2FC4D560DC20509DD735506D3A05CD7013F052BA118D250A5437BAF1A9D4B | 1882 |
| IISSite-8.5-2.5.xml | 6C107E0B975115D4C32A7EE327ECE07A7BB52118F4BB063A3C0FF7C0D98B071D | 124809 |
| IISSite-10.0-2.7.org.default.xml | 0DB0FE0B6B2796ED6555C4029D8571135C55E31DB080B5351C97931EF4338EA8 | 1413 |
| IISSite-10.0-2.7.xml | A84303C30AB3BAA48CAC47B5014BB714704B1D0B480F651FC4832E14B9DF2581 | 112015 |
| IISSite-8.5-2.6.org.default.xml | 79EF409B1998296B7187B4F9DC0DC680E7E903C4F5C6DACBA55DD7CBF65ED6AE | 1819 |
| IISSite-8.5-2.6.xml | 6FD8BBD8AC83EE0C14C5D64ED57D00FDCA692C9523F4D5DB7DF02191A90DF5AA | 122787 |
| InternetExplorer-11-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
| InternetExplorer-11-2.1.xml | 8E0E2B418E99BA217D9E0A4060D62FCCF053F6E6A1C5B5EB8ABDE6477A75C2DF | 329761 |
| IISSite-8.5-2.7.org.default.xml | 41C5060A27C20B65330926366D4EDFF5C7108538BE6F9C314F35F991B2B939DF | 1819 |
| IISSite-8.5-2.7.xml | 95A8C6FB824718CC9A13F3AF24781DAAEBC802DE2E677BC000E3A3EC817AED24 | 123589 |
| InternetExplorer-11-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
| InternetExplorer-11-2.1.xml | 1CDBB4ADA92FFB610BBD57F05D7055FC108CBBCA7770473907E8024C5637234B | 331854 |
| InternetExplorer-11-2.2.org.default.xml | CFAFCD73ED15B911604867FF6423AB21CF6F66976DA781D58C2FFC7FCA70CF60 | 299 |
| InternetExplorer-11-2.2.xml | D1C082EEB7B774413BCDE4BA7293FEAAD291F53A5FBDBB2E649F25E8ED61150E | 334340 |
| McAfee-8.8-VirusScan-5.16.org.default.xml | 0122D7BC3AB85E7EEC2C8A989687541AEB6A7DCC025692894EB208B9ED5EDF2B | 760 |
| McAfee-8.8-VirusScan-5.16.xml | 5A2E6A31CA07BF76F6F3A7F77D3FC1A180128D390C70F4ECFFFA3F9B19408625 | 241862 |
| McAfee-8.8-VirusScan-5.16.org.default.xml | 28792D63E69F797CA02CCAE52F537B1001D9069BD7DE4F5A73375424C19FE660 | 777 |
| McAfee-8.8-VirusScan-5.16.xml | 22CAEE788CA69690819D46548D19E40163FD8EB799F8EC7FAA4E5FB714C4F445 | 244268 |
| MS-Edge-1.5.org.default.xml | 562551BABBA8AB74289B0FF4E7C88914ED7B771D35D4FADC33305459C7C11B3C | 1057 |
| MS-Edge-1.5.xml | AF60D4691669E4A78E7BD907D32AF6FE6168EFEC8773DC71728EBDE4DA05EB9D | 115218 |
| MS-Edge-1.6.org.default.xml | E191F7717B75893560A6CB4C9293CA84BD279116730C6790733AD90DCA452A13 | 1040 |
| MS-Edge-1.6.xml | 8F2B0A0066454392D766F3FB12A99880BE64967AD8A412B3E4A0169B168F662C | 114286 |
| Office-365ProPlus-2.6.org.default.xml | 630EF8AE632A67453ACF1983C01460CFAA8140E034F121B8DD9CC2AD828D8AFA | 2401 |
| Office-365ProPlus-2.6.xml | 9EECC40ACC3387E33CE35251763D47FEF89D15F9594684857A0FA09BEF3A0A8A | 372098 |
| Office-365ProPlus-2.7.org.default.xml | 76C543682926BE1640EF623637BB9C8CB08A72CFFEF19A7C527E9502F710257A | 2397 |
| Office-365ProPlus-2.7.xml | C11EAD7FE98355F91A9569561893771D2A8837D0CF44017AB41910EBFB1DCB00 | 372099 |
| Office-Excel2013-1.7.org.default.xml | 7112F164172614EEB9F470466C91609C1AA0EA8AD13F2A1A5AB0147FB0F8E790 | 418 |
| Office-Excel2013-1.7.xml | 7F3C9FDDA62BD48C271890C2150381BD40A3E40254D5ED8702BA612F52B9863C | 109725 |
| Office-Excel2016-1.2.org.default.xml | C7D6B6B2EFE31CCDBC9A072AEC52E17D5F9C7C52F326CF480E4B0BBCBEBBE779 | 517 |
| Office-Excel2016-1.2.xml | C1EEAE1896224260C7EEB48EFEF773D3ECE42F1BD799CB1D4E923CC299CAF812 | 107254 |
| Office-Outlook2013-1.12.org.default.xml | 6DE2F8E0E9DF57570762FBB22BAF17F389C74DF88E8737D9463DA7491C2DE862 | 298 |
| Office-Outlook2013-1.12.xml | DCD510AFDC92DD03136480DA09353C4919E01438118D6D0FE9232CE933E7E4EE | 192069 |
| Office-Outlook2013-1.13.org.default.xml | E0AABF9650DB6A37E05A15A6B943C7B05AA31B2581506380188172B171BA2339 | 450 |
| Office-Outlook2013-1.13.xml | E7020C1084BD4090C8BB50BE8DFC0B865C3698CBF1802C0D1F7E01EF261437E1 | 192186 |
| Office-Outlook2016-2.2.org.default.xml | 4A5C75A3C0B8E0252DBFDF39D2B68C4172CD36DD8C167575070005A4AE65DA1B | 297 |
| Office-Outlook2016-2.2.xml | 509C5F1A353E9B18F5AF2EFE11D4389D47A89581676CC8BC3F71BBB9FDD4FD5F | 149729 |
| Office-Outlook2016-2.3.org.default.xml | 985584822EF58BCE107E522081D8FB5EA24CC74856040D93EC88252958F12EDA | 297 |
| Office-Outlook2016-2.3.xml | 52CC95E49055AE1DC22B2643868F38093979D9F925399DDB3EA9F7692F606C9B | 149853 |
| Office-PowerPoint2013-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 |
| Office-PowerPoint2013-1.6.xml | F58B0231BCF94AF8E0808FEFE48CFC00E4F1F0636E73ED7E974ECAEB1F5A46AA | 93353 |
| Office-PowerPoint2016-1.1.org.default.xml | 440A06FFB09F4FECB3546372E20FDB16C30F84B55F41EA5DA1AC891491E11F4C | 420 |
| Office-PowerPoint2016-1.1.xml | CEAF4E6451621201D948A61DBFE57C303AA2F025CD0035374F2B24C68D9ADBCB | 90836 |
| Office-Publisher2016-1.3.org.default.xml | 6E4C29EB64180DC23653B089C5734F0E4D493FE896DD0A2F4FCAFDC6407DD6AE | 422 |
| MS-Edge-1.6.org.default.xml | 97393C5F48012A8890502024D487EF0DE2D67DE47B3EC5FD186352D08B233390 | 1057 |
| MS-Edge-1.6.xml | A292381A242DA221D31BEAB2A3398E3599187B9E80C8DCDA92FB48EED9F9AF73 | 115719 |
| Office-365ProPlus-2.7.org.default.xml | 43C03EA6FECC580FA689DBF77CC9E860D18C7ACF75A8A34B006A3699B8697AFB | 2448 |
| Office-365ProPlus-2.7.xml | CC7BC37FEEF400CA37A3C7D83EEB77D51852FAF00ED47F9D3F0E0E2515B81140 | 375810 |
| Office-365ProPlus-2.8.org.default.xml | 1E07FF9CBB7524B55843474F1BC04D9C2CAA1111F29EB9965F6AA2137EB26385 | 2450 |
| Office-365ProPlus-2.8.xml | D7CB2059E061425C28777F8953976C16897A6F813898AB46FA99EDED997F434E | 375774 |
| Office-Excel2013-1.7.org.default.xml | 6A8FBC7AD79015A5261C617A2EFC0084E58BCAFAAD3FA2B8E61BC01A860C102C | 429 |
| Office-Excel2013-1.7.xml | E99C7824EB50B0727D7834F8D68FA6840BE8F69921DA49525C3B2921B9AD5A3B | 110738 |
| Office-Excel2016-1.2.org.default.xml | EE134DCD15DEFBD412AF18477F75248DE83A705E10CA061776F2AE74884749E3 | 530 |
| Office-Excel2016-1.2.xml | 5685CF03939CA92E8F4C854095344EA88B613E3CC1AB581E3DA4F70D70E69B77 | 108096 |
| Office-Outlook2013-1.12.org.default.xml | 6691883C5ACE1CBF9ACAFC536E0E335620A9A1B158B75EAB7FE2E661C7C31A63 | 306 |
| Office-Outlook2013-1.12.xml | DBF4FF03D3214F753B76C5ADFE0FEFB228E87EFD767BBDF1D3847080D67CF3D4 | 193739 |
| Office-Outlook2013-1.13.org.default.xml | 624856564A2FB618BDF6A41263806BC2BE08B1AE58226425C07EFBADDC98FAF5 | 461 |
| Office-Outlook2013-1.13.xml | 3446E121027400CE6C4834E4507EA94B5CFD24F65CFA4D5F0524873D32B07D8A | 193858 |
| Office-Outlook2016-2.2.org.default.xml | 7A8F784B74E6FA1575783B1849B258F4DD6B7CD87B165802CCA6A16839CCA5AD | 305 |
| Office-Outlook2016-2.2.xml | 9246147D3FA9E79A70F7024A3AC38FF526341B84CECD6F7175958A69D83B89DD | 151022 |
| Office-Outlook2016-2.3.org.default.xml | 65560374E19492C3BBA42CC0A40AFC2F74C82AD01977E5061F41A4BCEDC2BF8E | 305 |
| Office-Outlook2016-2.3.xml | ABF1B429B65076A3C44984451975C4FB264F2721CD47244F8C900290DB2011B0 | 151146 |
| Office-PowerPoint2013-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 |
| Office-PowerPoint2013-1.6.xml | 563E20C0149E0CB20880EB777439A7B67C4FE1BBF4347EA7677048E6DD2D2EAA | 94142 |
| Office-PowerPoint2016-1.1.org.default.xml | 3FEE8C811ED3DB6986E24ABF9BBA833975A908C82EFAECC2E91755E10D02C30C | 431 |
| Office-PowerPoint2016-1.1.xml | 8F17DC18B9997782E98DACA5044ACB1E63B178A80240AE130D0AC7F64B703531 | 91626 |
| Office-Publisher2016-1.3.org.default.xml | 87A4435821A71C1861AC3F9103E35FDE176D42FCE97880B4B26439CF49F58C0E | 433 |
| Office-Publisher2016-1.3.xml | 89F37914B868D581E4253D8ED819544B61C5D5D750A6F09598FBCAFB41E618E3 | 37769 |
| Office-System2013-1.9.org.default.xml | 4036D829A31308CD45CC8B5A76A9A84612F2593B7700190B5FF1B08EFBF089EF | 852 |
| Office-System2013-1.9.xml | 96E75BC4A4922BB6D57BE63701AC030EC055AB1D660A8F45D3668E6B0A798959 | 121552 |
| Office-System2013-2.1.org.default.xml | 5062DB411E0A0E8F42774CA34BB51D8DDCFCE5C5CA316E354520DE4D7C3D8B20 | 856 |
| Office-System2013-2.1.xml | 89EEA327D7A227B42B981B5A8EA8D80A4E2E7D18F8C40B03C048B09CDEE1F397 | 116188 |
| Office-System2016-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
| Office-System2016-2.1.xml | 9EDFB96DA919A0B9A002F01576949275A3A6D6FC68E25B62729FFCC30C0AD357 | 64487 |
| Office-System2016-2.2.org.default.xml | 4A5C75A3C0B8E0252DBFDF39D2B68C4172CD36DD8C167575070005A4AE65DA1B | 297 |
| Office-System2016-2.2.xml | 4B2AF660B2CECFDFD5113710652DE5A3A41DBF6C6E5ACF88C488C35C6DBD1962 | 64776 |
| Office-Visio2013-1.4.org.default.xml | 955053441F378268498E15AC859046B2E2805E405AC294DDD8C6493A3FD2CC64 | 297 |
| Office-Visio2013-1.4.xml | A1CFAABF789BD8C3958D35415F23B5B192F028CA98EDD391ECCEE85D87B6543F | 30039 |
| Office-Word2013-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 |
| Office-Word2013-1.6.xml | C6D5620E7977EDA5B59134D0DABFA42AA4AC6C87EFB3FFF6502CE615DF157285 | 80779 |
| Office-Word2016-1.1.org.default.xml | 724DB22065C11F47D376186EB1A5F959C9721A47A3A2E00F125DFB36BBD96EBD | 420 |
| Office-Word2016-1.1.xml | CF23511AE9EF837FE49B19F0888F2CC38D1D4E3BF1F054EA35903732A6781858 | 87615 |
| OracleJRE-8-1.5.org.default.xml | C832884FF191F9D9AD20652CBE1D9C68BE15C2DD9B57CF15B8F85EB1F770BBEF | 491 |
| OracleJRE-8-1.5.xml | E61F226FA4BC02C4225A3399E4543A3E83DA51F8F813650E246F6472ACFE3982 | 44880 |
| OracleJRE-8-2.1.org.default.xml | 3DC5157025F594B12BD2E1F5FC7B76818897F5C69555E8396DC8AACB986C8644 | 492 |
| OracleJRE-8-2.1.xml | B76FEF48981D375C0F604D586D98622D05D8121AAB81A8BB06298BE650FB8DCE | 45903 |
| RHEL-7-3.8.org.default.xml | 2E74668308150FE9E2F8E817899E5D498E32327AF59E0AB5F3BE607864AD47C8 | 6589 |
| RHEL-7-3.8.xml | 19A0CF80DC537555C3F568DDBA0575AEE4FE785630A8A59BCD9988774CD31AE9 | 583777 |
| RHEL-7-3.9.org.default.xml | A4D0A233417A210F173ECF0B20935162045B9E3B67BDB24EC1D39DF826424F16 | 7417 |
| Office-System2013-1.9.org.default.xml | 45055F756C705090A9F8D6470EF55C2FC8838EA00B2103E372E22B948A06DF63 | 869 |
| Office-System2013-1.9.xml | 346A48CA6FD98889F0E60928AA0E87E138CF4E8A45E1BDB82BB04005428638C5 | 122545 |
| Office-System2013-2.1.org.default.xml | 96C2EFAF8780965F18914EB31F6C869AF63ADDB780CB3EA537626BA7DA2B7358 | 873 |
| Office-System2013-2.1.xml | 40657EF393151DFE4D8FD1B5ABD4C5E87DD4AFD3A7F0B230DD22502F0B9DBF4C | 117184 |
| Office-System2016-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
| Office-System2016-2.1.xml | 37E5D07510D1AEC51E6D08A502B7CAFDB3B316188EC2EE6B84D985CC1207DAA7 | 64932 |
| Office-System2016-2.2.org.default.xml | 7A8F784B74E6FA1575783B1849B258F4DD6B7CD87B165802CCA6A16839CCA5AD | 305 |
| Office-System2016-2.2.xml | 21F9CF9D4F17F183D6D5DF03090866E502F5C3D36BBD5B81FAAFFAD62A047EB7 | 65225 |
| Office-Visio2013-1.4.org.default.xml | DEB619FD6632472F27796C703DB93523035A5BCD84A2FE878DABBCFC968FFFD9 | 305 |
| Office-Visio2013-1.4.xml | 4DDEFCDD8E1D316BB2498D95CC033CBABD536A90EF9D6D1278127F4C4FF8DDA8 | 30296 |
| Office-Word2013-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 |
| Office-Word2013-1.6.xml | 85E667D9899F3B98270275D1E2F1E5BEAF3AC39C0D8F3143E61F53FBA74263B9 | 81466 |
| Office-Word2016-1.1.org.default.xml | 7C6CDD5943A445A748835DDAEA1C2AC2615A2BC21B0570751F234E5AB5D7B14B | 431 |
| Office-Word2016-1.1.xml | 3309F6DCAFFDC4521E2B40CD6D1FC8DBEFB69972B64BBEC5C4C43BAF74542B84 | 88318 |
| OracleJRE-8-1.5.org.default.xml | 9F29E6AA7A905712FC4BBA768764219CB4CD7F259A0515A486E0E9EE4BE03F66 | 502 |
| OracleJRE-8-1.5.xml | D8D451B6E2B88C4F7FA14809CA7E6485E19C6295460342C01EF78E6787F073F3 | 45264 |
| OracleJRE-8-2.1.org.default.xml | 83D686E66B98E318AB87ED95F05B1C01265DB40D202C9F1D4BEDE52790EA834D | 503 |
| OracleJRE-8-2.1.xml | 34B2B1060088BD4A915B3F713464A636DCD98D6B8A32163F831A485F51DEC211 | 46312 |
| RHEL-7-3.10.org.default.xml | 3A22CFED34A7C489B98C7663B16235B044D0B0B01BF8A66B594CB0D08CF6A3B8 | 7594 |
| RHEL-7-3.10.xml | ACB557ED8C652EE1EB42B4398559E3199F565ECA1479F7AB8C93A31B03769B67 | 601397 |
| RHEL-7-3.9.org.default.xml | 9048B69CAD2A4E9C53C2F8865C6AD0965FAFE20D71D345EFC19F3779F6C9F489 | 7470 |
| RHEL-7-3.9.xml | 6563FE66082A9329FA349507801FB4EA2FCC7145AA30CF8A35E4466E9D30373F | 592180 |
| SqlServer-2012-Database-1.19.org.default.xml | F0BCFA8BA56A51AB40F7AC1433B0BDB70F8FD15AB83BE236E8FCD182EB12818C | 427 |
| SqlServer-2012-Database-1.19.xml | A8B5D94FA2D1EC2E9F85C034FAA7453F6554050A10D32A4534F787CC805A18D4 | 85981 |
| SqlServer-2012-Database-1.20.org.default.xml | 88F0F0E3C3828B8DF4861F67F528D385DA47059F1255E35538209335B9F36C0C | 427 |
| SqlServer-2012-Database-1.20.xml | 5EB429E846A241764E46144C2CEA4645FEA23291BA8B6DC24000F0054E6A1D83 | 85927 |
| SqlServer-2012-Instance-1.19.org.default.xml | CBDC914F56AA1E306F5AF10B611B4C0B95E5CAAC8C2A792C0E640557FFF247DC | 1077 |
| SqlServer-2012-Instance-1.19.xml | 198E9CFB9C9B5F115A41DBED956416389CF03E603D21CC3B6EF343E18308A184 | 716637 |
| SqlServer-2012-Instance-1.20.org.default.xml | 2FFFB13390E0D6D4DDFBCCC6BB0E607D2CB028F57A521D85610B2D04E5D4230F | 1077 |
| SqlServer-2012-Instance-1.20.xml | 75F35AB3641E3F11BBC173C57156706A5B57F27AB1FC511CA6256DBBFB9BA962 | 709174 |
| SqlServer-2016-Instance-2.7.org.default.xml | 575803F6ED47AB833E3BD857BF7F049A6A986A74FCE54213739A0B87803814B2 | 610 |
| SqlServer-2016-Instance-2.7.xml | 31D0FD81EA21C3586C00A538529058E8C2D046C6FD5D2E49D1EEC1F58F6DB9A5 | 548824 |
| SqlServer-2016-Instance-2.8.org.default.xml | 36FD816F5FCAD2AF38C53BBDEAD90EBB6DFE195133613B5F407E6399C0AF2BA9 | 610 |
| SqlServer-2016-Instance-2.8.xml | 6DDFAA3449EDB8C1D3518F317D8ADBE9048751A4FEE71C5A207D07FB4C918F82 | 549523 |
| Ubuntu-18.04-2.8.org.default.xml | 08CF6671D3A376D8537B68E48971635C07ABB1B49BFC12F47BF7A2C7D153E2D2 | 6879 |
| Ubuntu-18.04-2.8.xml | 978B0E087CBF6A33E4AF2FCEBB1D6122FC39FF92FB583CBEF229161ADF7E532F | 484056 |
| SqlServer-2012-Database-1.19.org.default.xml | 282BCFAC931096F13AA661132D8E0BADF93A17034C98057A68DEC20D43612C88 | 438 |
| SqlServer-2012-Database-1.19.xml | EA869867AE70E1ED3E80906C7CE800523071A95CB1DE72492F1DB20C4A924A9D | 86839 |
| SqlServer-2012-Database-1.20.org.default.xml | 572218B2318BFB1F1160B2D1835DE985D09F269260038ED6CFE26573573C5014 | 438 |
| SqlServer-2012-Database-1.20.xml | F01743D2CA5E914C215ECB13D86A5D58723DD7AB7C328B81D284911DEFA0D9C4 | 86785 |
| SqlServer-2012-Instance-1.19.org.default.xml | D78829081352C7766AB1E9639C1649A46FDAD69819BCE14599CB3A5C096DF4E6 | 1098 |
| SqlServer-2012-Instance-1.19.xml | 1313489DECFD7B137F53C9A55DA8068075CDD8015DBE24AEC77CC4276D910185 | 725272 |
| SqlServer-2012-Instance-1.20.org.default.xml | BB9345EFCFBDB1FDCF731620B233BBD6B1CFD8856A25422D753D9D668D850860 | 1098 |
| SqlServer-2012-Instance-1.20.xml | 6E8F27FE02ACF7877AB36F90F8C2CADCD8A93A3500288D41EF06070E7C992C66 | 717809 |
| SqlServer-2016-Instance-2.7.org.default.xml | B966FDBE624E10243DFC71F153A7656F50A414E9A41C7DFAB286318C7783D67F | 623 |
| SqlServer-2016-Instance-2.7.xml | 689D85FE26F58624FA6493992501D1EB565376805FFF1BAB1EDF2F9B6875C416 | 553591 |
| SqlServer-2016-Instance-2.8.org.default.xml | 8F7BABE8A06CF091B7BA30D9A7038CE055D18036A0CE47EE5E89C01FDCEBC0BD | 623 |
| SqlServer-2016-Instance-2.8.xml | 91D9A3D72336382ED3B2FABCD2311BCCA43302B9774085A0F93443879867C923 | 554296 |
| Ubuntu-18.04-2.10.org.default.xml | 69E03214AA101407BE74394CE1D2CBCD133EDA7AFEFF2C2E3F05D84201195403 | 6920 |
| Ubuntu-18.04-2.10.xml | 8EA37985B73C1114235CA1E20611896E37969C56D13ABC5F43B08E78A696720A | 491684 |
| Ubuntu-18.04-2.9.org.default.xml | 937F52BBA9FD68C3E227705A6B7A64EB934B9042C2FBFA7DFE26FAB515135521 | 6922 |
| Ubuntu-18.04-2.9.xml | 5180802F8E98B6B0B113BFC23EF235600690E753BED9C3C11ED8920A69E0C13A | 486825 |
| Vsphere-6.5-2.2.org.default.xml | A9EE6773BD2F1593A0E33BD4E048AD43DE3E5709E5BE089CBBF7FB3C4B30288A | 782 |
| Vsphere-6.5-2.2.xml | F7324FB4B6CDF705560BA1DA66AE1EB4A538BDC78D768813B3D1C367D2B4964B | 142766 |
| Vsphere-6.5-2.3.org.default.xml | E7BDBC6948AA1E0999792F9054C2065B4AD0AD304B7F033D1378270A355D715D | 782 |
| Vsphere-6.5-2.3.xml | 4E152C8A94517F45022D1C0BB8E5F3D3646D8CD1B4747C00034B3E646F1E678C | 144921 |
| WindowsClient-10-2.4.org.default.xml | E0BB6F34998B2D1B9E7E25A7C9EA5ED43E448EF0EC3BF8CE9F030C5DA3A33037 | 5989 |
| WindowsClient-10-2.4.xml | 9F90E8AAE9CEF0987D1BB5E2EE00254CFF504EA0B995D54100767AE4FB1B3F98 | 534076 |
| Vsphere-6.5-2.2.org.default.xml | 9050F39FC140A633AD41A884A3E0F87720EFA566C91E82E74A13B918B8C04323 | 797 |
| Vsphere-6.5-2.2.xml | E3A2F2D4C89416D14A8F3AB4DC6A5444DEA9683AFB2A21A653749995F289AD24 | 144122 |
| Vsphere-6.5-2.3.org.default.xml | B8539D6118706486E3F451AC2466FE5BABC1C9DB30C1A48C80D3FFA32354056E | 797 |
| Vsphere-6.5-2.3.xml | DE07939A8EC08F52E77FF411FF04359FCE02035C5038B70FBA2ADC42B994BEAA | 146293 |
| WindowsClient-10-2.4.org.default.xml | FDC65417DFF986055A4CE952B575479EE650DC566D4C5C35CEB3B5B2140EE207 | 6086 |
| WindowsClient-10-2.4.xml | C326D08FFA97F42AE5EFF12E50DC4925C8E240C20D6FD4DFDF74F9174A5B8482 | 540794 |
| WindowsClient-10-2.5.org.default.xml | E39DBCAAC643D0CF020B3FDE5C655963B614DA55D7FF0264D55348234C5318BB | 6086 |
| WindowsClient-10-2.5.xml | 519508254CFDE17F0308F8CA4FBE523567B618351ADBA0DC3103E9EE65D5067D | 534039 |
| WindowsClient-10-2.5.xml | F37EBE9608CB4C0997AED5BA9F1A0C7ABFE3379CF7E81418E0639EF4CE5052CF | 540755 |
| WindowsClient-11-1.2.org.default.xml | C03F1939072743A5F17C771C3E120976996FA159D293064EB8B4FEBBD3EF6070 | 5988 |
| WindowsClient-11-1.2.xml | B0D8BC1B572AB08ACBD4CFEF99E88A2B4AAD80772C05C904A8F7FA916FDCD9B9 | 520538 |
| WindowsDefender-All-2.3.org.default.xml | 2EF81E87FDF1D24158DCD2BFD2176921ED21ABBEA2C29ED14096EEEA54F8EB40 | 1065 |
| WindowsDefender-All-2.3.xml | 34B17B00509BA3F4934861F383E2C133FCA2F19C65F38AA6DB77DBC9B0728A24 | 95099 |
| WindowsDefender-All-2.4.org.default.xml | 96EA1084F1F2A3C9860013346ACCD29A805A73D79E6A313E759CDBC775A906E8 | 1065 |
| WindowsDefender-All-2.4.xml | 6657A5CD51F7396976A05A03D3EDB358303D1D320935B51A953765E77063EF6C | 95829 |
| WindowsDnsServer-2012R2-2.4.org.default.xml | 7A37266D66DFDB51BDCE149BF242559529AE0A3CB111EE3D7124CB02BFDC6B3F | 297 |
| WindowsDnsServer-2012R2-2.4.xml | 597FE2821DDF156B17D136FF132AEF287E7CC60DB6263CA256385197CDBA24B6 | 241691 |
| WindowsDnsServer-2012R2-2.5.org.default.xml | 5C4EAECF345C25E9688AA38AFEC397FFA392213486C8E9B0FA06B080AECA50A7 | 297 |
| WindowsDnsServer-2012R2-2.5.xml | 5E54B2B89FA2E07B721B5461C2BBC2A4C831D696198D6EFD02D344C01CF22C9D | 242163 |
| WindowsFirewall-All-1.7.org.default.xml | BF71BCE35DD772AA32964B7E6E3A20FCDAAA24C494FC51E58DEA5DB6DEFFC0EB | 945 |
| WindowsFirewall-All-1.7.xml | 2B8E3CC4782FB3DC7718C1E6E75A7638E5CE7BEF417FA37530C807FEEF9355AF | 64830 |
| WindowsFirewall-All-2.1.org.default.xml | 1EAC25EE60798B820C06DC8895361F69E31ED9A2950A8D3E86053F6BD9357C06 | 957 |
| WindowsFirewall-All-2.1.xml | DE85F4E98D148246857F5C7356437371167BD9BB41BE3ABFF3E8B0B66BB12848 | 65807 |
| WindowsServer-2012R2-DC-3.3.org.default.xml | 836CCA23864E7ACBC60CD988879F95BAE5E6F08CFAF0F0A60D54360848AE920F | 6935 |
| WindowsServer-2012R2-DC-3.3.xml | B257636D672651195B540336EEBE4A216E98041493FC85980CB71373E4CFCCC6 | 765949 |
| WindowsServer-2012R2-DC-3.4.org.default.xml | A727A575B307945E8430081B484383F732FAB7153EC0F14E3F33DB6D7BEACEEB | 6812 |
| WindowsServer-2012R2-DC-3.4.xml | 3E89014E572DA400DA8D668985317D940B688AA856569F2BC56606CF43C32C86 | 764218 |
| WindowsServer-2012R2-MS-3.3.org.default.xml | 1E04A871219379FF22D44916C0CE4143979F5082C9BAE9678D0DE29C638F1668 | 6377 |
| WindowsServer-2012R2-MS-3.3.xml | 19C5930FBA78D6D4D619E9CAEEA505F63EAD73A600D220BBB33BF5EA98B40F02 | 661643 |
| WindowsServer-2012R2-MS-3.4.org.default.xml | EFDC3D61F4DE48302E1AF28FB8C84F165AFA5BC67323EF87C32B653623D6D384 | 6254 |
| WindowsServer-2012R2-MS-3.4.xml | 71559E19258D176E6E4FADC311A7DA1235DAE285EB02C4AC690567117EF3ED71 | 659969 |
| WindowsServer-2016-DC-2.4.org.default.xml | 48F25F35D1F8DB5401FE38088B58E4822EA38A8244D266EC3B699A262CDB8A5C | 5901 |
| WindowsServer-2016-DC-2.4.xml | 0DB57634F42E73C46EAC3BC932954927A8932887721B4035BDB48197F954773A | 550779 |
| WindowsServer-2016-DC-2.5.org.default.xml | CBDFDF1C21BD31D29ABEAA2B9A8E1F6D6A2B25A3D8D2460F6BD8FC04849E9FDA | 5901 |
| WindowsServer-2016-DC-2.5.xml | C3D3D5B3F8138A91AC036D4AD6EB78893F41C3AFA9358A52B9147777CAC3EBBC | 551071 |
| WindowsServer-2016-MS-2.4.org.default.xml | F196F497D58C066D3F1566AB048F8D55DA7AE75CF6E42834CAF4066BE4564545 | 6015 |
| WindowsServer-2016-MS-2.4.xml | 26ADB3522D644C726C5855D980B295BFA8EB6C3EF8B44C5DB892CF728F7C48EE | 474194 |
| WindowsServer-2016-MS-2.5.org.default.xml | C573B016540D824D448A9EC5FE004ED963A223B5DE09F693CF276CD1A0E155BE | 6014 |
| WindowsServer-2016-MS-2.5.xml | 33B6553EEEF755D1DBE476DE1C81F0722C4DBA8694CA77F2262A986FEB5DA03B | 474790 |
| WindowsServer-2019-DC-2.4.org.default.xml | 683B2A4EE968FBF488C563122DFE55304A0EA37C5843A510DFC5C8459BB0DD55 | 6002 |
| WindowsServer-2019-DC-2.4.xml | 77AFD942245805482D991269FC32B5D4F9C1D6FBAEC00C2EB274CA4418D03CA2 | 558030 |
| WindowsDefender-All-2.3.org.default.xml | C0577AA9DBF69E5CC7323B458E8D956A678FBC20D1786CD5FF972BABF8B3BD08 | 1088 |
| WindowsDefender-All-2.3.xml | 9B56A4155EC35DC5D1E5E502367513DA01FFCDC02D5FF674A1D184C78BA575A0 | 96015 |
| WindowsDefender-All-2.4.org.default.xml | 38BA1392F6B093D85D8A6289E4D2C76687BBA2F3E4077681917DD2A841CD8102 | 1088 |
| WindowsDefender-All-2.4.xml | FE2A715FF673114A8571FFB92D364072D7B0FBD67B2477A616F3F24D2748D12F | 96852 |
| WindowsDnsServer-2012R2-2.4.org.default.xml | E0665B930674B4382F93865B8F0FEE6D9ADCC2CDD263EC06D5ECBBC8751EE62A | 305 |
| WindowsDnsServer-2012R2-2.4.xml | 12849FAFEADA9477E79C42C19AF5636772AF682B3BDEB40C71393F57ACC537DA | 244440 |
| WindowsDnsServer-2012R2-2.5.org.default.xml | 331B93A209C36BC1DBB5760FBA8F2BF5E0788E7A4D47C58A0697570882B280DB | 305 |
| WindowsDnsServer-2012R2-2.5.xml | FC766E2AE054AE1E898263A49CDFE61A3F029C56B5BE7C7F6ED81F6115E86873 | 244914 |
| WindowsFirewall-All-1.7.org.default.xml | 64E9FFA9B456C36DD36B5824BF641E473931B5C350F473DDFFDF31B1B64DD016 | 966 |
| WindowsFirewall-All-1.7.xml | BBB13C6D675EB591D972EF8AD9B46472CFE80FCAD76E9D453586E6BE430F01B6 | 65518 |
| WindowsFirewall-All-2.1.org.default.xml | 54A9F5D8C7E859CFC8C177DFCD4621814166A4DC6FD1967BAB03062B17489949 | 978 |
| WindowsFirewall-All-2.1.xml | C2D9F1754E8F3A537448E73A1F627E94E72F2A5A7900939E5823B6AD694CC617 | 66534 |
| WindowsServer-2012R2-DC-3.3.org.default.xml | 8040D5FDCF6EC673550168EECBAA8295DE37CE261D5F6679C57CE3A39150FE71 | 7046 |
| WindowsServer-2012R2-DC-3.3.xml | F43AB8FA145C575EC2887F94029613F70AA1DD0B6B4074624593564EDA44C98A | 775734 |
| WindowsServer-2012R2-DC-3.4.org.default.xml | 5423A10BF684CB3FA5F64C77670BA1AA3C94A69FE176065C9720B763019B35C4 | 6921 |
| WindowsServer-2012R2-DC-3.4.xml | 47373591AF4F0186F7949C5354A73A277DFC158211A5A49CB4F23D6AC3F98563 | 773991 |
| WindowsServer-2012R2-MS-3.3.org.default.xml | 30D3509BF3AA9BA29E82E5EDFCA82AE8DBDF450A6A178B8A3A61568A56F0E18A | 6476 |
| WindowsServer-2012R2-MS-3.3.xml | A415746E95E262FE7547687C22B89555694C47A40C182F1E4AE403AF7DF460A4 | 670131 |
| WindowsServer-2012R2-MS-3.4.org.default.xml | 50F77131D17E1FE349CB81FBC8FE7278DEBB09A3321F75D92B9F3AC85352D869 | 6351 |
| WindowsServer-2012R2-MS-3.4.xml | BBC62A7ADC3365A3AED0067051712C3643FFAAB9157129E0FEE322768036E4AA | 668445 |
| WindowsServer-2016-DC-2.4.org.default.xml | C6F13BDEC76ECC5F02317296D189312D401A9522D6B65F478B4CBB5D2FB39ACE | 5996 |
| WindowsServer-2016-DC-2.4.xml | 411E53051F5154C377653359438BF3633240D74957A814664EE3A97A7022F069 | 558255 |
| WindowsServer-2016-DC-2.5.org.default.xml | A051E222710532B44CD2A67A0D953344D53CA5FB38BE49DDD69941D16B7AD50C | 5996 |
| WindowsServer-2016-DC-2.5.xml | E7BBB817054921AD9CC22912A6ECBE418D14F3A706694A2A9D03EFB62C9121B3 | 558541 |
| WindowsServer-2016-MS-2.4.org.default.xml | 4597212B8DC738BC901EE25CDA3EDA04F49D3F53A873EA4063CFA864C2DCF37D | 6108 |
| WindowsServer-2016-MS-2.4.xml | 3C2B4FFE25FD8BA3A4702A07AFE4E4074AD31E9749C83D5375B6FF4C443DCA65 | 480555 |
| WindowsServer-2016-MS-2.5.org.default.xml | 28A6CC76C5C22C10C57B9F3F37BB023CA151CF4DB877CF6E5C07B5AF1166E6A9 | 6107 |
| WindowsServer-2016-MS-2.5.xml | BB49ECFFFEC86C4F01311491935BCF2F11981E523A08FB0712025511C1425FED | 481151 |
| WindowsServer-2019-DC-2.4.org.default.xml | 0094F20B2B061FF05BD885B213776F7ADBC7E2D75EEEC66CB994281CE19891DC | 6095 |
| WindowsServer-2019-DC-2.4.xml | 4CCF9BC6032C0EC069D1CD3BBCBCC55DC598D5815593F6B6903753E0ED8C5B2B | 565567 |
| WindowsServer-2019-DC-2.5.org.default.xml | 2B3EBC94F5503C005071520D4487334E047241231F81A7154F2A07EE21B20104 | 6095 |
| WindowsServer-2019-DC-2.5.xml | 667BBBFD0731C0B1CDE0D6811382DFE59031DA4BA02A1B00DC18FF3497C95182 | 558239 |
| WindowsServer-2019-MS-2.4.org.default.xml | 8F9E845B06B92DCEABF081B2B80F3D37F2C833181D352339034889187C9B92EB | 5938 |
| WindowsServer-2019-MS-2.4.xml | 4E699813B3A6B360729729993740D2B1E597CD83E852AB00FBA7F49FE2F9EC38 | 481067 |
| WindowsServer-2019-DC-2.5.xml | 6D2683085611516785604724BBFD4DFB6D773E78ED3662D055D9B0BE7EB216FD | 565775 |
| WindowsServer-2019-MS-2.4.org.default.xml | CABC2B5A3691044BCDD96E1ACA53B997BCCB14BC41927A4EFAC68E11F80686D5 | 6027 |
| WindowsServer-2019-MS-2.4.xml | EED082B900AC5D0F68FC8EF060D801CE357F42895A4A5A324B2137DCFAE9F77C | 487488 |
| WindowsServer-2019-MS-2.5.org.default.xml | C11EF1E1576DDFA46432BE2A202A2BF520652CC21B475B217150AAF3F158CBB1 | 6027 |
| WindowsServer-2019-MS-2.5.xml | B1996B3BDF822010F82BD2B3932359957830F086DA3CD1EFB581DBF9D151486B | 481486 |
| WindowsServer-2019-MS-2.5.xml | 6B5BFDFD3A668D0F3307DB87CC686ADB4AF84FF0D42BAE6898E61D6C3075D8C6 | 487906 |
| WindowsServer-2022-DC-1.1.org.default.xml | A84DA0AA242D80FB25A68E417D05A315D0EFFC33B4A1F626096984CCB46277AA | 6222 |
| WindowsServer-2022-DC-1.1.xml | E41B69D3EA64BD9C4406BA39697BBB75D2D230CF5844D4DEE3EC1C50CE57C04D | 565193 |
| WindowsServer-2022-MS-1.1.org.default.xml | E2F3863090F2E81F6E19432881BEEFC6D620C2D05AE5E06DAF7A824117A4F339 | 6154 |
| WindowsServer-2022-MS-1.1.xml | CC4041ABCB8AE786245D738927D1CA6EA23711B6BE2338872B95ECE3C6B9B599 | 488173 |


@ -72,7 +72,7 @@ For detailed information, please see the [StigData Wiki](https://github.com/Micr
PowerStig.DSC is not really a specific module, but rather a collection of PowerShell Desired State Configuration (DSC) composite resources to manage the configurable items in each STIG.
Each composite uses [PowerStig.Data](#powerstigdata) classes to retrieve PowerStig XML.
This allows the PowerStig.Data classes to manage exceptions, Org settings, and skipped rules uniformly across all composite resources. The standard DSC ResourceID's can them be used by additional automation to automatically generate compliance reports or trigger other automation solutions.
This allows the PowerStig.Data classes to manage exceptions, Org settings, and skipped rules uniformly across all composite resources. The standard DSC ResourceID's can then be used by additional automation to automatically generate compliance reports or trigger other automation solutions.
### Composite Resources
@ -80,10 +80,23 @@ The list of STIGs that we are currently covering.
|Name|Description|
| ---- | --- |
|[Browser](https://github.com/Microsoft/PowerStig/wiki/Browser) | Provides a mechanism to manage Browser STIG settings. |
|[Adobe](https://github.com/Microsoft/PowerStig/wiki/Adobe)| Provides a mechanism to manage Adobe STIG settings.|
|[Chrome](https://github.com/Microsoft/PowerStig/wiki/Chrome)| Provides a mechanism to manage Google Chrome STIG settings.|
|[DotNetFramework](https://github.com/Microsoft/PowerStig/wiki/DotNetFramework) | Provides a mechanism to manage .Net Framework STIG settings. |
|[Edge](https://github.com/Microsoft/PowerStig/wiki/Edge) | Provides a mechanism to manage Microsoft Edge STIG settings. |
|[Firefox](https://github.com/Microsoft/PowerStig/wiki/Firefox) | Provides a mechanism to manage Firefox STIG settings. |
|[IisServer](https://github.com/Microsoft/PowerStig/wiki/IisServer) | Provides a mechanism to manage IIS Server settings. |
|[IisSite](https://github.com/Microsoft/PowerStig/wiki/IisSite) | Provides a mechanism to manage IIS Site settings. |
|[InternetExplorer](https://github.com/Microsoft/PowerStig/wiki/InternetExplorer) | Provides a mechanism to manage Microsoft Internet Explorer settings. |
|[McAfee](https://github.com/Microsoft/PowerStig/wiki/McAfee) | Provides a mechanism to manage McAfee settings. |
|[Office](https://github.com/Microsoft/PowerStig/wiki/Office) | Provides a mechanism to manage Microsoft Office STIG settings. |
|[OracleJRE](https://github.com/Microsoft/PowerStig/wiki/OracleJRE) | Provides a mechanism to manage Oracle Java Runtime Environment STIG settings. |
|[RHEL](https://github.com/Microsoft/PowerStig/wiki/RHEL) | Provides a mechanism to manage RedHat Enterprise Linux STIG settings. |
|[SqlServer](https://github.com/Microsoft/PowerStig/wiki/SqlServer) | Provides a mechanism to manage SqlServer STIG settings. |
|[Ubuntu](https://github.com/Microsoft/PowerStig/wiki/Ubuntu) | Provides a mechanism to manage Ubuntu Linux STIG settings. |
|[Vsphere](https://github.com/Microsoft/PowerStig/wiki/Vsphere) | Provides a mechanism to manage VMware Vsphere STIG settings. |
|[WindowsClient](https://github.com/Microsoft/PowerStig/wiki/WindowsClient) | Provides a mechanism to manage Windows Client STIG settings. |
|[WindowsDefender](https://github.com/Microsoft/PowerStig/wiki/WindowsDefender) | Provides a mechanism to manage Windows Defender STIG settings. |
|[WindowsDnsServer](https://github.com/Microsoft/PowerStig/wiki/WindowsDnsServer) | Provides a mechanism to manage Windows DNS Server STIG settings. |
|[WindowsFirewall](https://github.com/Microsoft/PowerStig/wiki/WindowsFirewall) | Provides a mechanism to manage the Windows Firewall STIG settings. |
|[WindowsServer](https://github.com/Microsoft/PowerStig/wiki/WindowsServer) | Provides a mechanism to manage the Windows Server STIG settings. |
@ -134,3 +147,4 @@ We are especially thankful for those who have contributed pull requests to the c
* [@mikedzikowski](https://github.com/mikedzikowski) (Mike Dzikowski)
* [@togriffith](https://github.com/mikedzikowski) (Tony Griffith)
* [@hinderjd](https://github.com/hinderjd) (James Hinders)
* [@ruandersMSFT](https://github.com/ruandersMSFT) (Russell Anderson)


@ -86,6 +86,8 @@ data exclusionRuleList
V-204440 = 'RHEL: At present, unable to automate rule'
V-204456 = 'RHEL: At present, unable to automate rule'
V-228564 = 'RHEL: At present, unable to automate rule'
V-251704 = 'RHEL: At present, unable to automate rule'
V-255927 = 'RHEL: At present, unable to automate rule'
V-219151 = 'Ubuntu: At present, unable to automate rule'
V-219155 = 'Ubuntu: At present, unable to automate rule'
V-219164 = 'Ubuntu: At present, unable to automate rule'
@ -103,6 +105,16 @@ data exclusionRuleList
V-219326 = 'Ubuntu: At present, unable to automate rule'
V-219331 = 'Ubuntu: At present, unable to automate rule'
V-219341 = 'Ubuntu: At present, unable to automate rule'
V-219159 = 'Ubuntu: At present, unable to automate rule'
V-219163 = 'Ubuntu: At present, unable to automate rule'
V-219228 = 'Ubuntu: At present, unable to automate rule'
V-219229 = 'Ubuntu: At present, unable to automate rule'
V-219230 = 'Ubuntu: At present, unable to automate rule'
V-219231 = 'Ubuntu: At present, unable to automate rule'
V-219232 = 'Ubuntu: At present, unable to automate rule'
V-219233 = 'Ubuntu: At present, unable to automate rule'
V-219330 = 'Ubuntu: At present, unable to automate rule'
V-255907 = 'Ubuntu: At present, unable to automate rule'
V-235722 = 'Edge: Rule requires an unknown list and count of whitelisted domains, unable to automate rule'
V-235753 = 'Edge: Rule requires an unknown list and count of whitelisted domains, unable to automate rule'
V-235755 = 'Edge: Rule requires an unknown list and count of whitelisted extensions, unable to automate rule'
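Review bot: The IDs that appear to be added to `exclusionRuleList` (V-251704 and V-255927 for RHEL, and the ten Ubuntu IDs from V-219159 through V-255907) all carry the generic reason 'At present, unable to automate rule', which tells someone reviewing compliance coverage nothing about why the control is left unenforced or how to check it by hand. A specific reason per entry would help, in the style the Edge entries below already use, for example `V-255927 = 'RHEL: <reason this rule cannot be automated>'` with the placeholder filled in. The Ubuntu additions are also appended after V-219341 rather than merged in numeric order, which makes a duplicate key harder to spot. The data section starts and ends outside these hunks.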


@ -451,6 +451,7 @@ function Split-BenchmarkId
# The Windows Server 2012 and 2012 R2 STIGs are combined, so return the 2012R2
$id = $id -replace '_2012_', '_2012R2_'
$returnId = $id -replace ($windowsVariations -join '|'), 'WindowsServer'
$returnId = $returnId -replace 'MS_', ''
continue
}
{$PSItem -match "Active_Directory"}
@ -514,8 +515,8 @@ function Split-BenchmarkId
{$PSItem -match 'Ubuntu'}
{
$ubuntuId = $id -split '_'
$ubuntuVersion = $ubuntuId[3] -replace '-', '.'
$returnId = '{0}_{1}' -f $ubuntuId[2], $ubuntuVersion
$ubuntuVersion = $ubuntuId[-1] -replace '-', '.'
$returnId = '{0}_{1}' -f $ubuntuId[-2], $ubuntuVersion
continue
}
default
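Review bot: In the Windows Server branch, `$returnId -replace 'MS_', ''` is an unanchored, case-insensitive regex, so it removes every `MS_` in the id rather than only a leading vendor prefix. If the intent is to drop a leading `MS_` from the newer benchmark ids (an inference, since the id format is not visible here), anchoring it states that and cannot touch a later `_MS_` token: `$returnId = $returnId -replace '^MS_', ''`. A one-line comment naming the id that needs this would help, as the 2012R2 line above has. In the Ubuntu branch, `$ubuntuId[-1]` and `$ubuntuId[-2]` assume the version is always the last token of the id, which is worth a comment too. The function body starts and ends outside these hunks.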


@ -67,6 +67,9 @@ class AuditPolicyRuleConvert : AuditPolicyRule
{$_.Name -eq 'subcategory'}
).Value
# Windows STIGS have 'Audit Audit' as part of the string, but the actual policy is 'Audit Policy Change'
$thisSubcategory = $thisSubcategory -replace 'Audit Audit', 'Audit'
if (-not $this.SetStatus($thisSubcategory))
{
$this.set_Subcategory($thisSubcategory.trim())
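Review bot: The comment above the new `-replace 'Audit Audit', 'Audit'` reads as if the subcategory were being changed to 'Audit Policy Change', while the code only collapses a doubled word. Suggested wording: `# Some Windows STIGs spell the subcategory 'Audit Audit Policy Change'; collapse the doubled 'Audit' so it matches the real subcategory name`. The pattern is also unanchored and runs on every subcategory before `SetStatus`, so `-replace '\bAudit Audit\b', 'Audit'` would keep it to the case the comment describes. The method body starts and ends outside the hunk.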


@ -6,7 +6,7 @@
RootModule = 'PowerStig.psm1'
# Version number of this module.
ModuleVersion = '4.15.0'
ModuleVersion = '4.16.0'
# ID used to uniquely identify this module
GUID = 'a132f6a5-8f96-4942-be25-b213ee7e4af3'


@ -10,4 +10,4 @@ V-221588::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ke
V-221596::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'AutoplayAllowlist'; ValueType = 'MultiString'; ValueData = $null; OrganizationValueTestString = "{0} -eq 'a list of administrator-approved URLs"}
V-234701::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'SSLVersionMin'; ValueType = 'String'; ValueData = 'tls1.2'}
V-245539::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Absent'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'CookiesSessionOnlyForUrls'}
V-221572::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklis'; ValueName = 'CookiesSessionOnlyForUrls'; ValueType = 'String'; ValueData = 'javascript://*'}
V-221572::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklist'; ValueName = 'CookiesSessionOnlyForUrls'; ValueType = 'String'; ValueData = 'javascript://*'}
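Review bot: The corrected V-221572 line still writes a value named `CookiesSessionOnlyForUrls` under the `URLBlocklist` key, which looks copied from the V-245539 line above it. Chrome list policies are read from values named `1`, `2`, … under the policy's key, so a value with that name would most likely be ignored and `javascript://*` would not be blocked even though the resource reports the setting as present. Suggest `ValueName = '1'` on this line, confirmed against the STIG's check text.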

Различия файлов скрыты, потому что одна или несколько строк слишком длинны


@ -22,7 +22,7 @@ V-204511::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; Contains
V-204512::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/audisp/audisp-remote.conf'; OrganizationValueTestString = 'the "network_failure_action" option is set to "SYSLOG", "SINGLE", or "HALT"; i.e.: "network_failure_action = syslog" '}
V-204515::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/audit/auditd.conf'; OrganizationValueTestString = 'the value of the "action_mail_acct" keyword is set to "root" and/or other accounts for security personnel; i.e.: "action_mail_acct = root" '}
V-204576::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = $null; FilePath = '/etc/security/limits.d/204576-powerstig.conf'; OrganizationValueTestString = 'the "maxlogins" value is set to "10" or less '}
V-204579::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/profile.d/tmout.sh'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile.d/tmout.sh'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}
V-204579::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/profile.d/tmout.sh'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile.d/tmout.sh'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/bashrc'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/bashrc" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}
V-204584::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'kernel.randomize_va_space = 2'; FilePath = '/etc/sysctl.d/204584-powerstig.conf'}
V-204609::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'net.ipv4.conf.all.accept_source_route = 0'; FilePath = '/etc/sysctl.d/204609-powerstig.conf'}
V-204610::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'net.ipv4.conf.all.rp_filter = 1'; FilePath = '/etc/sysctl.d/204610-powerstig.conf'}
@ -40,4 +40,4 @@ V-237635::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = $null
V-244557::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/boot/grub2/grub.cfg'; OrganizationValueTestString = '"set superusers =" is set to a unique name in /boot/grub2/grub.cfg'}
V-244558::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/boot/efi/EFI/redhat/grub.cfg'; OrganizationValueTestString = '"set superusers =" is set to a unique name in /boot/efi/EFI/redhat/grub.cfg'}
V-250314::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = '%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL'; FilePath = '/etc/sudoers.d/250314-powerstig.conf'}
V-251704::*::HardCodedRule(ManualRule)@{DscResource = 'None'}
V-255926::*::HardCodedRule(nxPackageRule)@{DscResource = 'nxPackage'; Ensure = 'Present'; Name = $null; OrganizationValueTestString = 'Specify either tmux or screen depending on preference'}

Различия файлов скрыты, потому что одна или несколько строк слишком длинны


@ -8,3 +8,4 @@ V-219303::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc
V-219306::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'auth.*,authpriv.* /var/log/secure'; DoesNotContainPattern = '#\s*auth\.\*,\s*authpriv\.\*.*'; FilePath = '/etc/rsyslog.d/50-default.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'daemon.notice /var/log/messages'; DoesNotContainPattern = '#\sdaemon.*'; FilePath = '/etc/rsyslog.d/50-default.conf'}
V-219307::Ciphers aes256-ctr,aes192-ctr, aes128-ctr::Ciphers aes256-ctr,aes192-ctr,aes128-ctr
V-219339::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'install usb-storage /bin/true'; DoesNotContainPattern = '#\s*install\s*usb-storage\s*/bin/true'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'blacklist usb-storage'; DoesNotContainPattern = '#\s*blacklist\s*usb-storage'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}
V-219343::*::HardCodedRule(nxPackageRule)@{DscResource = 'nxPackage'; Ensure = 'Present'; Name = 'aide'}

Различия файлов скрыты, потому что одна или несколько строк слишком длинны


@ -31,8 +31,8 @@ V-223355::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; En
V-223358::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\security'; ValueName = 'usecrlchasing' ;ValueType = 'Dword'; ValueData = '1'}
V-223376::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Project\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223377::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\powerpoint\security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223311::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223392::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223311::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 3|4"}
V-223392::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 3|4"}
V-223393::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Visio\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223417::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223309::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility'; ValueData = 'Block all Flash activation'; ValueName = 'COMMENT'; ValueType = 'String'}

Различия файлов скрыты, потому что одна или несколько строк слишком длинны


@ -1,6 +1,6 @@
V-218790::This check does not apply to service account IDs utilized by automated services necessary to process, manage, and store log files::If an account associated with roles other than auditors
V-218821::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; ValueData = 0; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}
V-218814::CREATOR OWNER: Full Control, Subfolders and files only::CREATOR OWNER: Full Control - Subfolders and files only
V-218814::*::HardCodedRule(PermissionRule)@{DscResource = 'NTFSAccessEntry'; AccessControlEntry = @(@{Type = $null; Principal = 'System'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'Administrators'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'TrustedInstaller'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'ALL APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'ALL RESTRICTED APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'Users'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute,ListDirectory'}, @{Type = $null; Principal = 'CREATOR OWNER'; ForcePrincipal = 'False'; Inheritance = 'Subfolders and files only'; Rights = 'FullControl'}); Force = 'True'; Path = '%SystemDrive%\inetpub'}
V-218805::Under Time-out (in minutes), verify “20 minutes or less” is selected.::Verify the "Time-out (in minutes)" is set to "20 minutes or less".
V-241788::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'; ValueData = 1; ValueName = 'DisableServerHeader'; ValueType = 'DWORD'}
V-218785::*::HardCodedRule(IISLoggingRule)@{DscResource = 'xWebAdministration'; LogFlags = $null; OrganizationValueTestString = "'{0}' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'"}


@ -1,6 +1,6 @@
V-218790::This check does not apply to service account IDs utilized by automated services necessary to process, manage, and store log files::If an account associated with roles other than auditors
V-218821::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; ValueData = 0; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}
V-218814::CREATOR OWNER: Full Control, Subfolders and files only::CREATOR OWNER: Full Control - Subfolders and files only
V-218814::*::HardCodedRule(PermissionRule)@{DscResource = 'NTFSAccessEntry'; AccessControlEntry = @(@{Type = $null; Principal = 'System'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'Administrators'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'TrustedInstaller'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'ALL APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'ALL RESTRICTED APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'Users'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute,ListDirectory'}, @{Type = $null; Principal = 'CREATOR OWNER'; ForcePrincipal = 'False'; Inheritance = 'Subfolders and files only'; Rights = 'FullControl'}); Force = 'True'; Path = '%SystemDrive%\inetpub'}
V-218805::Under Time-out (in minutes), verify “20 minutes or less” is selected.::Verify the "Time-out (in minutes)" is set to "20 minutes or less".
V-241788::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'; ValueData = 1; ValueName = 'DisableServerHeader'; ValueType = 'DWORD'}
V-218785::*::HardCodedRule(IISLoggingRule)@{DscResource = 'xWebAdministration'; LogFlags = $null; OrganizationValueTestString = "'{0}' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'"}

Различия файлов скрыты, потому что одна или несколько строк слишком длинны

Различия файлов скрыты, потому что одна или несколько строк слишком длинны


@ -2,4 +2,4 @@ V-214465::If the "maxAllowedContentLength" value is not explicitly set to "30000
V-214444::System Administrator::""
V-214448::*::HardCodedRule(IISLoggingRule)@{DscResource = 'xWebsite'; LogFlags = $null; OrganizationValueTestString = "'{0}' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'"}
V-214484::*::.
V-214488::*::HardCodedRule(WebAppPoolRule)@{DscResource = 'xWebAppPool'; Key = 'logEventOnRecycle'; Value = "'Time,Schedule'"}
V-214488::*::HardCodedRule(WebAppPoolRule)@{DscResource = 'xWebAppPool'; Key = 'logEventOnRecycle'; OrganizationValueRequired = 'true'; OrganizationValueTestString = "'{0}' 'Value must contain Time and Schedule but can contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'"}
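Review bot: The second V-214488 line (which appears to be the new side) drops the hard-coded `'Time,Schedule'` value in favour of an organization value whose test string is a prose sentence, so nothing on this line verifies that the supplied value contains both required flags. Other entries in these files use an expression in that field, so one could be used here as well, for example `OrganizationValueTestString = "'{0}' -match 'Time' -and '{0}' -match 'Schedule'"`. The prose text also wraps `Value must contain …` in a second pair of single quotes, which looks unintended.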

Различия файлов скрыты, потому что одна или несколько строк слишком длинны


@ -0,0 +1,19 @@
V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
V-254255::*::''
V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
V-254291::"Minimum password length,"::"Minimum password length"
V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.
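Review bot: The four V-254443 replacements pin the DoD Root CA 3 cross-certificate to thumbprint `49CBE933151872E17C8EAE7F0ABA97FB610F6477` with `NotAfter: 11/16/2024`, so the rule generated from this file keeps asserting a certificate with a fixed expiry date. Once that certificate is reissued, the pinned thumbprint is stale, and a host carrying the current certificate would presumably be reported as non-compliant. It would help to record where the thumbprint and date were taken from and to track the expiry, for instance in the changelog entry for this STIG. The same lines appear in the second new 19-line file section that follows.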

Разница между файлами не показана из-за своего большого размера Загрузить разницу


@ -0,0 +1,19 @@
V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
V-254255::*::''
V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
V-254291::"Minimum password length,"::"Minimum password length"
V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.

Разница между файлами не показана из-за своего большого размера Загрузить разницу

Различия файлов скрыты, потому что одна или несколько строк слишком длинны


@ -5,7 +5,7 @@
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="2.6">
<OrganizationalSettings fullversion="2.8">
<!-- Ensure 'V-221563' -eq 'oiigbmnaadbkfbmpbfijlflahbdbdgdf | a list of administrator-approved extension IDs'-->
<OrganizationalSetting id="V-221563" ValueData="" />
<!-- Ensure 'V-221564' -eq 'an organization approved encrypted search provider'-->


@ -1,4 +1,4 @@
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="Google_Chrome_Current_Windows" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_Google_Chrome_STIG_V2R6_Manual-xccdf.xml" releaseinfo="Release: 6 Benchmark Date: 27 Apr 2022 3.3.0.27375 1.10.0" title="Google Chrome Current Windows Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.6" created="6/6/2022">
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="Google_Chrome_Current_Windows" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_Google_Chrome_STIG_V2R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Google Chrome Current Windows Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.8" created="2/10/2023">
<ManualRule dscresourcemodule="None">
<Rule id="V-221584" severity="medium" conversionstatus="pass" title="SRG-APP-000456" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Google Chrome is being continually updated by the vendor in order to address identified security vulnerabilities. Running an older version of the browser can introduce security vulnerabilities to the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@ -268,7 +268,7 @@ This policy disables the listed protocol schemes in Google Chrome, URLs using a
<DuplicateOf />
<Ensure>Present</Ensure>
<IsNullOrEmpty>False</IsNullOrEmpty>
<Key>HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklis</Key>
<Key>HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklist</Key>
<LegacyId>V-44761</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
@ -606,8 +606,8 @@ Windows method:
<ValueType>Dword</ValueType>
</Rule>
<Rule id="V-221592" severity="medium" conversionstatus="pass" title="SRG-APP-000089" dscresource="RegistryPolicyFile">
<Description>&lt;VulnDiscussion&gt;If set to “False”, prevents Chrome Cleanup from scanning the system for unwanted software and performing cleanups. Manually triggering Chrome Cleanup from chrome://settings/cleanup is disabled.
If set to “True” or unset, Chrome Cleanup periodically scans the system for unwanted software and should any be found, will ask the user if they wish to remove it. Manually triggering Chrome Cleanup from chrome://settings is enabled.
<Description>&lt;VulnDiscussion&gt;If set to "False", prevents Chrome Cleanup from scanning the system for unwanted software and performing cleanups. Manually triggering Chrome Cleanup from chrome://settings/cleanup is disabled.
If set to "True" or unset, Chrome Cleanup periodically scans the system for unwanted software and should any be found, will ask the user if they wish to remove it. Manually triggering Chrome Cleanup from chrome://settings is enabled.
This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<Ensure>Present</Ensure>
@ -620,7 +620,7 @@ This policy is available only on Windows instances that are joined to a Microsof
1. In the omnibox (address bar) type chrome://policy
2. If "ChromeCleanupEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding.
Windows method:
1. Start regedit
1. Start regedit.
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the "ChromeCleanupEnabled" value name does not exist or its value data is not set to "0", this is a finding.</RawString>
<ValueData>0</ValueData>
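Review bot: The key correction in the `@ -268,7` hunk is a behaviour change that the 4.16.0 changelog does not record; it lists only STIG version updates. With the earlier `...\Chrome\URLBlocklis` key the policy was presumably written where Chrome does not read it, so hosts configured from the old file likely never had the blocklist enforced and may still hold the stray key. I would add a changelog line such as `* Fix truncated URLBlocklist registry key in Google Chrome STIG` and check whether any other retained Chrome processed file still carries the truncated key. The enclosing Rule starts and ends outside the hunk, so its id and value name cannot be confirmed from here.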


@ -1,4 +1,4 @@
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R7_Manual-xccdf.xml" releaseinfo="Release: 7 Benchmark Date: 27 Oct 2022 3.4.0.34222 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.7" created="11/28/2022">
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R7_Manual-xccdf.xml" releaseinfo="Release: 7 Benchmark Date: 27 Oct 2022 3.4.0.34222 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.7" created="2/14/2023">
<DocumentRule dscresourcemodule="None">
<Rule id="V-218784" severity="medium" conversionstatus="pass" title="SRG-APP-000015-WSR-000014" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Logging onto a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can easily be compromised. When performing remote administrative tasks, a protocol or service that encrypts the communication channel must be used.
@ -958,8 +958,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>System</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>FullControl</Rights>
</Entry>
<Entry>
@ -967,8 +966,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>Administrators</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>FullControl</Rights>
</Entry>
<Entry>
@ -976,8 +974,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>TrustedInstaller</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>FullControl</Rights>
</Entry>
<Entry>
@ -985,8 +982,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>ALL APPLICATION PACKAGES</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>ReadAndExecute</Rights>
</Entry>
<Entry>
@ -994,8 +990,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>ALL RESTRICTED APPLICATION PACKAGES</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>ReadAndExecute</Rights>
</Entry>
<Entry>
@ -1003,8 +998,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>Users</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>ReadAndExecute,ListDirectory</Rights>
</Entry>
<Entry>
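Review bot: The six `<Inheritance>` values in the `@ -958,8` through `@ -1003,8` hunks change from empty to `This folder subfolders and files` while the file stays at fullversion 2.7, so the same baseline version now applies a different ACL scope depending on the module release, and the 4.16.0 changelog does not mention it. I would add an entry along the lines of `* Fix empty Inheritance values in IIS 10.0 Server permission entries` and confirm that the literal (no comma after "folder") is exactly what the consuming DSC resource accepts. The same six hunks recur in the 2.8 Server file later in this commit. The enclosing Rule and its target path are outside the hunks, so which directory these entries govern cannot be verified here.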


@ -5,7 +5,7 @@
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="2.6">
<OrganizationalSettings fullversion="2.8">
<!-- Ensure ''V-218785'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
<OrganizationalSetting id="V-218785" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
<!-- Ensure ''V-218805.a'' -le '00:20:00'-->


@ -1,4 +1,4 @@
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R6_Manual-xccdf.xml" releaseinfo="Release: 6 Benchmark Date: 27 Jul 2022 3.3.0.27375 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.6" created="8/23/2022">
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.8" created="2/14/2023">
<DocumentRule dscresourcemodule="None">
<Rule id="V-218784" severity="medium" conversionstatus="pass" title="SRG-APP-000015-WSR-000014" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Logging onto a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can easily be compromised. When performing remote administrative tasks, a protocol or service that encrypts the communication channel must be used.
@ -805,6 +805,7 @@ If passwords have not been changed from the default, this is a finding.</RawStri
<RawString>Note: If ASP.NET is not installed, this is Not Applicable.
Note: If the Server is hosting Microsoft SharePoint, this is Not Applicable.
Note: If the server is hosting WSUS, this is Not Applicable.
Note: If the server is hosting Exchange, this is Not Applicable.
Open the IIS 10.0 Manager.
@ -812,7 +813,7 @@ Click the IIS 10.0 web server name.
Double-click the ".NET Authorization Rules" icon.
Ensure "All Users" is set to "Allow", and "Anonymous Users" is set to "Deny" otherwise, this is a finding.
Ensure "All Users" is set to "Allow", and "Anonymous Users" is set to "Deny", otherwise this is a finding.
If any other rules are present, this is a finding.</RawString>
</Rule>
<Rule id="V-218826" severity="medium" conversionstatus="pass" title="SRG-APP-000001-WSR-000001" dscresource="None">
@ -958,8 +959,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>System</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>FullControl</Rights>
</Entry>
<Entry>
@ -967,8 +967,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>Administrators</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>FullControl</Rights>
</Entry>
<Entry>
@ -976,8 +975,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>TrustedInstaller</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>FullControl</Rights>
</Entry>
<Entry>
@ -985,8 +983,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>ALL APPLICATION PACKAGES</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>ReadAndExecute</Rights>
</Entry>
<Entry>
@ -994,8 +991,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>ALL RESTRICTED APPLICATION PACKAGES</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>ReadAndExecute</Rights>
</Entry>
<Entry>
@ -1003,8 +999,7 @@ If any OS shell MIME types are configured, this is a finding.
</Type>
<Principal>Users</Principal>
<ForcePrincipal>False</ForcePrincipal>
<Inheritance>
</Inheritance>
<Inheritance>This folder subfolders and files</Inheritance>
<Rights>ReadAndExecute,ListDirectory</Rights>
</Entry>
<Entry>
@ -1532,7 +1527,7 @@ Double-click the "Error Pages" icon.
Click any error message, and then click "Edit Feature Setting" from the "Actions" Pane. This will apply to all error messages.
If the feature setting is not set to “Detailed errors for local requests and custom error pages for remote requests”, this is a finding.</RawString>
If the feature setting is not set to "Detailed errors for local requests and custom error pages for remote requests", or "Custom error pages" this is a finding.</RawString>
<Value>DetailedLocalOnly</Value>
</Rule>
<Rule id="V-218820" severity="medium" conversionstatus="pass" title="SRG-APP-000439-WSR-000152" dscresource="xWebConfigKeyValue">
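Review bot: In the `@ -1532,7` hunk the check text now also accepts "Custom error pages", but `<Value>DetailedLocalOnly</Value>` is unchanged, so the automated rule still recognises only one of the two compliant settings. A server deliberately set to custom error pages only, which is the stricter choice because it never returns detailed errors, would presumably be reported as drifted and reset to DetailedLocalOnly. Consider turning this into an organizational value with a test such as `'{0}' -match '^(DetailedLocalOnly|Custom)$'`. The Rule's opening tag and DSC resource are outside the hunk, so this needs checking against how the rule is converted.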


@ -5,7 +5,7 @@
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="2.3">
<OrganizationalSettings fullversion="2.5">
<!-- Ensure ''V-214400'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
<OrganizationalSetting id="V-214400" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
<!-- Ensure ''V-214420.b'' -le '00:20:00'-->


@ -1,4 +1,4 @@
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_8-5_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_8-5_Server_STIG_V2R3_Manual-xccdf.xml" releaseinfo="Release: 3 Benchmark Date: 27 Oct 2021 3.2.2.36079 1.10.0" title="Microsoft IIS 8.5 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.3" created="11/3/2021">
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_8-5_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_8-5_Server_STIG_V2R5_Manual-xccdf.xml" releaseinfo="Release: 5 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Microsoft IIS 8.5 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.5" created="2/3/2023">
<DocumentRule dscresourcemodule="None">
<Rule id="V-214399" severity="medium" conversionstatus="pass" title="SRG-APP-000015-WSR-000014" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Logging onto a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can easily be compromised. When performing remote administrative tasks, a protocol or service that encrypts the communication channel must be used.
@ -776,9 +776,10 @@ Open the IIS 8.5 Manager.
Click the IIS 8.5 web server name.
Double-click the “.NET Authorization Rules” icon.
Double-click the ".NET Authorization Rules" icon.
If any groups other than “Administrators” are listed, this is a finding.</RawString>
Ensure "All Users" is set to "Allow", and "Anonymous Users" is set to "Deny", otherwise this is a finding.
If any other rules are present, this is a finding.</RawString>
</Rule>
<Rule id="V-214442" severity="medium" conversionstatus="pass" title="SRG-APP-000001-WSR-000001" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a website, facilitating a Denial of Service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive (i.e., a parameter used to limit the amount of time a connection may be inactive).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>


@ -5,7 +5,7 @@
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="2.5">
<OrganizationalSettings fullversion="2.7">
<!-- Ensure ''V-214448'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
<OrganizationalSetting id="V-214448" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
<!-- Ensure 'V-214464' -le 4096-->
@ -20,8 +20,6 @@
<OrganizationalSetting id="V-214475" Value="00:20:00" />
<!-- Ensure 'V-214485' -ne 0-->
<OrganizationalSetting id="V-214485" Value="35000" />
<!-- Ensure 'V-214487' -ne 0-->
<OrganizationalSetting id="V-214487" Value="1000000" />
<!-- Ensure ''V-214488'' 'Value must contain Time and Schedule but can contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'-->
<OrganizationalSetting id="V-214488" Value="'Time,Requests,Schedule,Memory,IsapiUnhealthy,OnDemand,ConfigChange,PrivateMemory'" />
<!-- Ensure 'V-214489' -le 1000-->


@ -1,4 +1,4 @@
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_8-5_Site_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_8-5_Site_STIG_V2R5_Manual-xccdf.xml" releaseinfo="Release: 5 Benchmark Date: 27 Jan 2022 3.2.2.36079 1.10.0" title="Microsoft IIS 8.5 Site Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.5" created="3/3/2022">
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_8-5_Site_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_8-5_Site_STIG_V2R7_Manual-xccdf.xml" releaseinfo="Release: 7 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Microsoft IIS 8.5 Site Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.7" created="2/3/2023">
<DocumentRule dscresourcemodule="None">
<Rule id="V-214455" severity="medium" conversionstatus="pass" title="SRG-APP-000141-WSR-000082" dscresource="None">
<Description>&lt;VulnDiscussion&gt;IIS 8.5 will either allow or deny script execution based on file extension. The ability to control script execution is controlled through two features with IIS 8.5, “Request Filtering” and "Handler Mappings".
@ -774,12 +774,15 @@ Satisfies: SRG-APP-000172-WSR-000104, SRG-APP-000224-WSR-000135, SRG-APP-000427-
<OrganizationValueTestString />
<RawString>Note: If the server being reviewed is a public IIS 8.5 web server, this is Not Applicable.
Note: If the server is hosting Exchange, this is Not Applicable.
Note: If the server is hosting SharePoint, this is Not Applicable.
Note: If certificate handling is performed at the Proxy/Load Balancer, this is not a finding.
Follow the procedures below for each site hosted on the IIS 8.5 web server:
Open the IIS 8.5 Manager.
Double-click the "SSL Settings" icon.
Verify the "Clients Certificate Required" check box is selected.
If the "Clients Certificate Required" check box is not selected, this is a finding.</RawString>
@ -921,40 +924,14 @@ If the "Request Limit" is set to a value of "0", this is a finding.</RawString>
<Value>
</Value>
</Rule>
<Rule id="V-214487" severity="medium" conversionstatus="pass" title="SRG-APP-000516-WSR-000174" dscresource="xWebAppPool">
<Description>&lt;VulnDiscussion&gt;IIS application pools can be periodically recycled to avoid unstable states possibly leading to application crashes, hangs, or memory leaks. By default, application pool recycling is overlapped, which means the worker process to be shut down is kept running until after a new worker process is started. After a new worker process starts, new requests are passed to it. The old worker process shuts down after it finishes processing its existing requests, or after a configured time-out, whichever comes first. This way of recycling ensures uninterrupted service to clients.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<Key>restartPrivateMemoryLimit</Key>
<LegacyId>V-76871</LegacyId>
<OrganizationValueRequired>True</OrganizationValueRequired>
<OrganizationValueTestString>{0} -ne 0</OrganizationValueTestString>
<RawString>Note: If the IIS Application Pool is hosting Microsoft SharePoint, this is Not Applicable.
If this IIS 8.5 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable.
Open the IIS 8.5 Manager.
Perform the following for each Application Pool:
Click "Application Pools".
Highlight an Application Pool and click "Advanced Settings" in the "Action" Pane.
Scroll down to the "Recycling" section and verify the value for "Private Memory Limit" is set to a value other than "0".
If the "Private Memory Limit" is set to a value of "0", this is a finding.</RawString>
<Value>
</Value>
</Rule>
<Rule id="V-214488" severity="medium" conversionstatus="pass" title="SRG-APP-000516-WSR-000174" dscresource="xWebAppPool">
<Description>&lt;VulnDiscussion&gt;Application pools can be periodically recycled to avoid unstable states possibly leading to application crashes, hangs, or memory leaks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<Key>logEventOnRecycle</Key>
<LegacyId>V-76873</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<OrganizationValueRequired>True</OrganizationValueRequired>
<OrganizationValueTestString>'{0}' 'Value must contain Time and Schedule but can contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'</OrganizationValueTestString>
<RawString>Note: Recycling Application Pools can create an unstable environment in a 64-bit SharePoint environment. If operational issues arise, with supporting documentation from the ISSO this check can be downgraded to a CAT III.
Note: If the IIS Application Pool is hosting Microsoft SharePoint, this is Not Applicable.
@ -963,24 +940,24 @@ Note: If the IIS Application Pool is hosting Microsoft Exchange and not otherwis
Open the IIS 8.5 Manager.
Click the “Application Pools”.
Click the "Application Pools".
Perform the following for each Application Pool:
Highlight an Application Pool and click "Recycling" in the “Actions” pane.
Highlight an Application Pool and click "Recycling" in the "Actions" pane.
In the Recycling Conditions window, verify at least one condition is checked as desired by the organization.
If no conditions are checked, this is a finding.
Click Next.
Click "Next".
In the Recycling Events to Log window, verify both the "Regular time interval" and "Specific time" boxes are selected.
In the "Recycling Events to Log" window, verify both the "Regular time interval" and "Scheduled time" boxes are selected.
If both the "Regular time interval" and "Specific time" options are not selected, this is a finding.
If both the "Regular time interval" and "Scheduled time" options are not selected, this is a finding.
Click Cancel.</RawString>
<Value>'Time,Schedule'</Value>
Click "Cancel".</RawString>
<Value />
</Rule>
<Rule id="V-214489" severity="medium" conversionstatus="pass" title="SRG-APP-000516-WSR-000174" dscresource="xWebAppPool">
<Description>&lt;VulnDiscussion&gt;In order to determine the possible causes of client connection errors and to conserve system resources, it is important to both log errors and manage those settings controlling requests to the application pool.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
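Review bot: The `OrganizationValueTestString` that V-214488 apparently gains in the `@ -921,40` hunk (`'{0}' 'Value must contain Time and Schedule ...'`) has no operator, unlike `{0} -ne 0` on the removed V-214487. If the string is evaluated as an expression, it cannot reject an organizational value that omits Time or Schedule. Because `<Value>` goes from `'Time,Schedule'` to empty in the following hunk and `OrganizationValueRequired` becomes True, the logged recycle events are then whatever the organizational settings file supplies. A testable form such as `'{0}' -match 'Time' -and '{0}' -match 'Schedule'` would keep the STIG minimum enforced. How the test string is consumed is not visible on this page, so confirm before changing it.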


@ -5,12 +5,12 @@
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="2.6">
<OrganizationalSettings fullversion="2.8">
<!-- Ensure 'V-223282' is 2|3|4-->
<OrganizationalSetting id="V-223282" ValueData="3" />
<!-- Ensure 'V-223288' is 6-->
<OrganizationalSetting id="V-223288" ValueData="6" />
<!-- Ensure 'V-223311' is 2|3|4-->
<!-- Ensure 'V-223311' is 3|4-->
<OrganizationalSetting id="V-223311" ValueData="3" />
<!-- Ensure 'V-223333' is 1|DoesNotExist-->
<OrganizationalSetting id="V-223333" ValueData="1" />
@ -36,7 +36,7 @@
<OrganizationalSetting id="V-223381" ValueData="0" />
<!-- Ensure 'V-223388.a' is 1|DoesNotExist-->
<OrganizationalSetting id="V-223388.a" ValueData="1" />
<!-- Ensure 'V-223392' is 2|3|4-->
<!-- Ensure 'V-223392' is 3|4-->
<OrganizationalSetting id="V-223392" ValueData="3" />
<!-- Ensure 'V-223393' is 2|3|4-->
<OrganizationalSetting id="V-223393" ValueData="3" />


@ -1,4 +1,4 @@
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="MS_Office_365_ProPlus_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_Office_365_ProPlus_STIG_V2R6_Manual-xccdf.xml" releaseinfo="Release: 6 Benchmark Date: 27 Jul 2022 3.3.0.27375 1.10.0" title="Microsoft Office 365 ProPlus Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.6" created="8/23/2022">
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="MS_Office_365_ProPlus_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_Office_365_ProPlus_STIG_V2R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Microsoft Office 365 ProPlus Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.8" created="2/3/2023">
<DocumentRule dscresourcemodule="None">
<Rule id="V-223296" severity="medium" conversionstatus="pass" title="SRG-APP-000207" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring this setting could allow malicious code or users to become active on user computers or the network. For example, a malicious user can monitor and then use keystrokes that user's type into Internet Explorer. Even legitimate add-ons may demand resources, compromising the performance of Internet Explorer and the operating systems for user computers.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@ -743,14 +743,13 @@ If you enable this policy setting, you can choose from four options for determin
<Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security</Key>
<LegacyId>V-99697</LegacyId>
<OrganizationValueRequired>True</OrganizationValueRequired>
<OrganizationValueTestString>{0} is 2|3|4</OrganizationValueTestString>
<RawString>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Excel 2016 &gt;&gt; Application Settings &gt;&gt; Security &gt;&gt; Trust Center &gt;&gt; "VBA macro Notification Settings" is set to "Enabled" and "Disable all except digitally signed macros" from the Options.
<OrganizationValueTestString>{0} is 3|4</OrganizationValueTestString>
<RawString>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Excel 2016 &gt;&gt; Excel Options &gt;&gt; Security &gt;&gt; Trust Center &gt;&gt; "Macro Notification Settings" is set to "Enabled" and "Disable VBA macros except digitally signed macros" from the Options is selected.
Use the Windows Registry Editor to navigate to the following key:
HKCU\software\policies\Microsoft\office\16.0\excel\security
If the value vbawarnings is REG_DWORD = 3, this is not a finding. Values of REG_DWORD = 2 or 4 are also acceptable. If the registry key does not exist or the value is REG_DWORD =1, this is a finding.</RawString>
If the value vbawarnings is REG_DWORD = 3, this is not a finding. A value of REG_DWORD = 4 are also acceptable. If the registry key does not exist or is not configured properly, this is a finding.</RawString>
<ValueData />
<ValueName>vbawarnings</ValueName>
<ValueType>Dword</ValueType>
@ -1108,12 +1107,12 @@ Use the Windows Registry Editor to navigate to the following key:
HKCU\software\policies\microsoft\office\16.0\excel\security\fileblock
If the value for xl9597workbooksandtemplates is REG_DWORD = 2, this is not a finding.</RawString>
If the value for xl95workbooks is REG_DWORD = 2, this is not a finding.</RawString>
<ValueData>2</ValueData>
<ValueName>xl9597workbooksandtemplates</ValueName>
<ValueName>xl95workbooks</ValueName>
<ValueType>Dword</ValueType>
</Rule>
<Rule id="V-223324" severity="medium" conversionstatus="pass" title="SRG-APP-000207" dscresource="None">
<Rule id="V-223324" severity="medium" conversionstatus="pass" title="SRG-APP-000207" dscresource="RegistryPolicyFile">
<Description>&lt;VulnDiscussion&gt;This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy setting, you can specify whether users can open, view, edit, or save files. The options that can be selected are below. Note: Not all options may be available for this policy setting.
- Do not block: The file type will not be blocked.
@ -1124,7 +1123,7 @@ If the value for xl9597workbooksandtemplates is REG_DWORD = 2, this is not a fin
- Allow editing and open in Protected View: Both opening and saving of the file type will be blocked, and the option to edit will be enabled.
If you disable or do not configure this policy setting, the file type will not be blocked.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf>V-223323</DuplicateOf>
<DuplicateOf />
<Ensure>Present</Ensure>
<IsNullOrEmpty>False</IsNullOrEmpty>
<Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\excel\security\fileblock</Key>
@ -2936,7 +2935,7 @@ Therefore, if you created a list of trusted publishers in a previous version of
<Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security</Key>
<LegacyId>V-99861</LegacyId>
<OrganizationValueRequired>True</OrganizationValueRequired>
<OrganizationValueTestString>{0} is 2|3|4</OrganizationValueTestString>
<OrganizationValueTestString>{0} is 3|4</OrganizationValueTestString>
<RawString>Set policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Publisher 2016 &gt;&gt; Security &gt;&gt; Trust Center &gt;&gt; VBA Macro Notification Settings &gt;&gt; VBA Macro Notification Settings to "Enabled" "Disable all except digitally signed macros"
Use the Windows Registry Editor to navigate to the following key:
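Review bot: Narrowing `OrganizationValueTestString` to `{0} is 3|4` on the Excel rule (legacy V-99697) and the Publisher rule (legacy V-99861) changes behaviour for consumers, and the 4.16.0 changelog entry for Office 365 ProPlus V2R8 does not mention it. Both rules have `OrganizationValueRequired` set to True and an empty default value, so an organizational settings file that still supplies 2 would presumably fail validation after the upgrade. A changelog line such as `* Office 365 ProPlus V2R8: the Excel and Publisher macro notification rules no longer accept an organizational value of 2` would let operators correct their overrides before applying the new baseline. The Publisher rule's body continues outside the last hunk.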


@ -5,7 +5,7 @@
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="3.8">
<OrganizationalSettings fullversion="3.10">
<!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of "difok" is set to less than "8", this is a finding." -->
<OrganizationalSetting id="V-204411" ContainsLine="difok = 8" DoesNotContainPattern="#\s*difok\s*=.*|^\s*difok\s*=\s*(-|)[0-7]$" />
<!-- Ensure that the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of "minclass" is set to less than "4", this is a finding." -->
@ -38,6 +38,10 @@
<OrganizationalSetting id="V-204576" Contents="* hard maxlogins 10" />
<!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
<OrganizationalSetting id="V-204579.b" ContainsLine="declare -xr TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
<!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/bashrc" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
<OrganizationalSetting id="V-204579.c" ContainsLine="declare -xr TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
<!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
<OrganizationalSetting id="V-204579.d" ContainsLine="declare -xr TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
<!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ClientAliveInterval" has a value that is greater than "600" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding." -->
<OrganizationalSetting id="V-204587" ContainsLine="ClientAliveInterval 600" DoesNotContainPattern="^\s*ClientAliveInterval\s*[0-5]?[0-9]?[0-9]?\s*$|^#\s*ClientAliveInterval.*|^\s*ClientAliveInterval\s*$" />
<!-- Ensure the "Defaults timestamp_timeout=[value]" must be a number that is greater than or equal to "0" -->
@ -46,4 +50,6 @@
<OrganizationalSetting id="V-244557" ContainsLine="" DoesNotContainPattern="" />
<!-- Ensure "set superusers =" is set to a unique name in /boot/efi/EFI/redhat/grub.cfg-->
<OrganizationalSetting id="V-244558" ContainsLine="" DoesNotContainPattern="" />
<!-- Ensure Specify either tmux or screen depending on preference-->
<OrganizationalSetting id="V-255926" Name="" />
</OrganizationalSettings>
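Review bot: The `DoesNotContainPattern` added for V-204579.c and V-204579.d does not match the condition their comments describe. `^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$` matches values from 0 to 899, while the stated finding is a TMOUT greater than 900, and the `^\s*TMOUT` anchor does not cover `export TMOUT=` or `declare ... TMOUT=` lines. If nxFileLine removes lines that match this pattern (to be confirmed against the resource), a stray `TMOUT=1800` in /etc/bashrc or /etc/profile would be left in place beside the enforced line. The pattern is copied from the existing V-204579.b entry, so all three share this. A value alternation such as `(0+|90[1-9]|9[1-9][0-9]|[1-9][0-9]{3,})` in place of `[0-8]?[0-9]?[0-9]?`, with an optional `(export\s+|declare\s+-\w+\s+)?` prefix, would target the lines that disable or exceed the timeout.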


@ -1,4 +1,4 @@
<DISASTIG version="3" classification="UNCLASSIFIED" customname="" stigid="RHEL_7_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_RHEL_7_STIG_V3R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 27 Jul 2022 3.3.0.27375 1.10.0" title="Red Hat Enterprise Linux 7 Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="3.8" created="9/12/2022">
<DISASTIG version="3" classification="UNCLASSIFIED" customname="" stigid="RHEL_7_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_RHEL_7_STIG_V3R10_Manual-xccdf.xml" releaseinfo="Release: 10 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Red Hat Enterprise Linux 7 Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="3.10" created="3/6/2023">
<DocumentRule dscresourcemodule="None">
<Rule id="V-204392" severity="high" conversionstatus="pass" title="SRG-OS-000257-GPOS-00098" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default.
@ -13,7 +13,7 @@ Satisfies: SRG-OS-000257-GPOS-00098, SRG-OS-000278-GPOS-00108&lt;/VulnDiscussion
Check the default file permissions, ownership, and group membership of system files and commands with the following command:
# for i in `rpm -Va | egrep '^.{1}M|^.{5}U|^.{6}G' | cut -d " " -f 4,5`;do for j in `rpm -qf $i`;do rpm -ql $j --dump | cut -d " " -f 1,5,6,7 | grep $i;done;done
# for i in `rpm -Va | grep -E '^.{1}M|^.{5}U|^.{6}G' | cut -d " " -f 4,5`;do for j in `rpm -qf $i`;do rpm -ql $j --dump | cut -d " " -f 1,5,6,7 | grep $i;done;done
/var/log/gdm 040755 root root
/etc/audisp/audisp-remote.conf 0100640 root root
@ -22,7 +22,7 @@ Check the default file permissions, ownership, and group membership of system fi
For each file returned, verify the current permissions, ownership, and group membership:
# ls -la &lt;filename&gt;
-rw-------. 1 root root 133 Jan 11 13:25 /etc/audisp/audisp-remote.conf
-rw-------. 1 root root 2017 Nov 1 10:03 /etc/audisp/audisp-remote.conf
If the file is more permissive than the default permissions, this is a finding.
@ -82,13 +82,13 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011&lt;/VulnDiscussion
<LegacyId>V-71891</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the operating system enables a user's session lock until that user re-establishes access using established identification and authentication procedures. The screen program must be installed to lock sessions on the console.
<RawString>Verify the operating system enables a user's session lock until that user re-establishes access using established identification and authentication procedures.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
Check to see if the screen lock is enabled with the following command:
# grep -i lock-enabled /etc/dconf/db/local.d/*
# grep -ir lock-enabled /etc/dconf/db/local.d/ | grep -v locks
lock-enabled=true
If the "lock-enabled" setting is missing or is not set to "true", this is a finding.</RawString>
@ -131,7 +131,7 @@ The session lock is implemented at the point where session activity can be deter
<LegacyId>V-71893</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the operating system initiates a screensaver after a 15-minute period of inactivity for graphical user interfaces. The screen program must be installed to lock sessions on the console.
<RawString>Verify the operating system initiates a screensaver after a 15-minute period of inactivity for graphical user interfaces.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
@ -151,14 +151,13 @@ The session lock is implemented at the point where session activity can be deter
<LegacyId>V-71899</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the operating system initiates a session lock after a 15-minute period of inactivity for graphical user interfaces. The screen program must be installed to lock sessions on the console.
<RawString>Verify the operating system initiates a session lock after a 15-minute period of inactivity for graphical user interfaces.
Note: If the system does not have a Graphical User Interface installed, this requirement is Not Applicable.
Note: If the system does not have a GNOME installed, this requirement is Not Applicable.
Check for the session lock settings with the following commands:
# grep -i idle-activation-enabled /etc/dconf/db/local.d/*
idle-activation-enabled=true
If "idle-activation-enabled" is not set to "true", this is a finding.</RawString>
@ -174,7 +173,7 @@ The session lock is implemented at the point where session activity can be deter
<OrganizationValueTestString />
<RawString>Verify the operating system initiates a session lock a for graphical user interfaces when the screensaver is activated.
Note: If the system does not have GNOME installed, this requirement is Not Applicable. The screen program must be installed to lock sessions on the console.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
If GNOME is installed, check to see a session lock occurs when the screensaver is activated with the following command:
@ -250,7 +249,6 @@ If the "crypt_style" variable is not set to "sha512", is not in the defaults sec
Check for the value of the "remember" argument in "/etc/pam.d/system-auth" and "/etc/pam.d/password-auth" with the following command:
# grep -i remember /etc/pam.d/system-auth /etc/pam.d/password-auth
password requisite pam_pwhistory.so use_authtok remember=5 retry=3
If the line containing the "pam_pwhistory.so" line does not have the "remember" module argument set, is commented out, or the value of the "remember" module argument is set to less than "5", this is a finding.</RawString>
@ -323,6 +321,7 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005&lt;/VulnDiscussion
<RawString>Verify the operating system automatically locks the root account, for a minimum of 15 minutes, when three unsuccessful logon attempts in 15 minutes are made.
# grep pam_faillock.so /etc/pam.d/password-auth
auth required pam_faillock.so preauth silent audit deny=3 even_deny_root fail_interval=900 unlock_time=900
auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root fail_interval=900 unlock_time=900
account required pam_faillock.so
@ -330,6 +329,7 @@ account required pam_faillock.so
If the "even_deny_root" setting is not defined on both lines with the "pam_faillock.so" module, is commented out, or is missing from a line, this is a finding.
# grep pam_faillock.so /etc/pam.d/system-auth
auth required pam_faillock.so preauth silent audit deny=3 even_deny_root fail_interval=900 unlock_time=900
auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root fail_interval=900 unlock_time=900
account required pam_faillock.so
@ -589,7 +589,7 @@ Check all local interactive user initialization files for interactive users with
Note: The example is for a system that is configured to create users home directories in the "/home" directory.
# grep -i umask /home/*/.*
$ sudo grep -ir ^umask /home | grep -v '.bash_history'
If any local interactive user initialization files are found to have a umask statement that has a value less restrictive than "077", this is a finding.</RawString>
</Rule>
@ -658,7 +658,7 @@ If a "grub.cfg" is found in any subdirectories other than "/boot/grub2" and "/bo
Check that the grub configuration file has the set root command in each menu entry with the following commands:
# grep -c menuentry /boot/grub2/grub.cfg
# grep -cw menuentry /boot/grub2/grub.cfg
1
# grep 'set root' /boot/grub2/grub.cfg
set root=(hd0,1)
@ -1094,6 +1094,51 @@ ssh_sysadm_login --&gt; off
If the "ssh_sysadm_login" boolean is not "off" and is not documented with the ISSO as an operational requirement, this is a finding.</RawString>
</Rule>
<Rule id="V-251704" severity="medium" conversionstatus="pass" title="SRG-OS-000373-GPOS-00156" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
When operating systems provide the capability to escalate a functional capability, it is critical the user re-authenticate.
Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>
</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the operating system is not be configured to bypass password requirements for privilege escalation.
Check the configuration of the "/etc/pam.d/sudo" file with the following command:
$ sudo grep pam_succeed_if /etc/pam.d/sudo
If any occurrences of "pam_succeed_if" is returned from the command, this is a finding.</RawString>
</Rule>
<Rule id="V-255927" severity="low" conversionstatus="pass" title="SRG-OS-000138-GPOS-00069" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a non-privileged user.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>
</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the operating system is configured to restrict access to the kernel message buffer with the following commands:
$ sudo sysctl kernel.dmesg_restrict
kernel.dmesg_restrict = 1
If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding.
Check that the configuration files are present to enable this kernel parameter:
$ sudo grep -r kernel.dmesg_restrict /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
/etc/sysctl.conf:kernel.dmesg_restrict = 1
/etc/sysctl.d/99-sysctl.conf:kernel.dmesg_restrict = 1
If "kernel.dmesg_restrict" is not set to "1", is missing or commented out, this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
</DocumentRule>
<ManualRule dscresourcemodule="None">
<Rule id="V-204394" severity="medium" conversionstatus="pass" title="SRG-OS-000023-GPOS-00006" dscresource="None">
@ -1219,7 +1264,7 @@ If any of the above checks are not configured, ask the administrator to indicate
<Rule id="V-204445" severity="medium" conversionstatus="pass" title="SRG-OS-000363-GPOS-00150" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configurations can have unintended side effects, some of which may be relevant to security.
Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the operating system. The operating system's Information Management Officer (IMO)/Information System Security Officer (ISSO) and System Administrators (SAs) must be notified via email and/or monitoring system trap when there is an unauthorized modification of a configuration item.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the operating system. The operating system's Information System Security Manager (ISSM)/Information System Security Officer (ISSO) and System Administrators (SAs) must be notified via email and/or monitoring system trap when there is an unauthorized modification of a configuration item.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-71973</LegacyId>
@ -1229,18 +1274,12 @@ Detecting such changes and providing an automated response can help avoid uninte
Note: A file integrity tool other than Advanced Intrusion Detection Environment (AIDE) may be used, but the tool must be executed at least once per week.
Check to see if AIDE is installed on the system with the following command:
# yum list installed aide
If AIDE is not installed, ask the SA how file integrity checks are performed on the system.
Check for the presence of a cron job running daily or weekly on the system that executes AIDE daily to scan for changes to the system baseline. The command used in the example will use a daily occurrence.
Check the cron directories for a script file controlling the execution of the file integrity application. For example, if AIDE is installed on the system, use the following command:
# ls -al /etc/cron.* | grep aide
-rwxr-xr-x 1 root root 29 Nov 22 2015 aide
-rwxr-xr-x 1 root root 602 Mar 6 20:02 aide
# grep aide /etc/crontab /var/spool/cron/root
/etc/crontab: 30 04 * * * root /usr/sbin/aide --check
@ -1251,7 +1290,7 @@ If the file integrity application does not exist, or a script file controlling t
<Rule id="V-204446" severity="medium" conversionstatus="pass" title="SRG-OS-000363-GPOS-00150" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configurations can have unintended side effects, some of which may be relevant to security.
Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the operating system. The operating system's Information Management Officer (IMO)/Information System Security Officer (ISSO) and System Administrators (SAs) must be notified via email and/or monitoring system trap when there is an unauthorized modification of a configuration item.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the operating system. The operating system's Information System Security Manager (ISSM)/Information System Security Officer (ISSO) and System Administrators (SAs) must be notified via email and/or monitoring system trap when there is an unauthorized modification of a configuration item.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-71975</LegacyId>
@ -1261,18 +1300,12 @@ Detecting such changes and providing an automated response can help avoid uninte
Note: A file integrity tool other than Advanced Intrusion Detection Environment (AIDE) may be used, but the tool must be executed and notify specified individuals via email or an alert.
Check to see if AIDE is installed on the system with the following command:
# yum list installed aide
If AIDE is not installed, ask the SA how file integrity checks are performed on the system.
Check for the presence of a cron job running routinely on the system that executes AIDE to scan for changes to the system baseline. The commands used in the example will use a daily occurrence.
Check the cron directories for a "crontab" script file controlling the execution of the file integrity application. For example, if AIDE is installed on the system, use the following command:
# ls -al /etc/cron.* | grep aide
-rwxr-xr-x 1 root root 32 Jul 1 2011 aide
-rwxr-xr-x 1 root root 602 Mar 6 20:02 aide
# grep aide /etc/crontab /var/spool/cron/root
/etc/crontab: 30 04 * * * root /usr/sbin/aide --check
@ -1283,7 +1316,7 @@ AIDE does not have a configuration that will send a notification, so the cron jo
# more /etc/cron.daily/aide
#!/bin/bash
/usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil
/usr/sbin/aide --check | /var/spool/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil
If the file integrity application does not notify designated personnel of changes, this is a finding.</RawString>
</Rule>
@ -1468,14 +1501,12 @@ If any home directories referenced in "/etc/passwd" are not owned by the interac
Check the home directory assignment for all local interactive users on the system with the following command:
# ls -ld $(awk -F: '($3&gt;=1000)&amp;&amp;($7 !~ /nologin/){print $6}' /etc/passwd)
-rwxr-x--- 1 smithj users 18 Mar 5 17:06 /home/smithj
-rwxr-x--- 1 smithj users 13 Apr 1 04:20 /home/smithj
Check the user's primary group with the following command:
# grep $(grep smithj /etc/passwd | awk -F: {print $4}) /etc/group
users:x:250:smithj,jonesj,jacksons
# grep $(grep smithj /etc/passwd | awk -F: '{print $4}') /etc/group
users:x:250:smithj,marinc,chongt
If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.</RawString>
</Rule>
@ -1897,18 +1928,9 @@ If no result is returned, or "/var/log/audit" is not on a separate file system,
<OrganizationValueTestString />
<RawString>Verify the file integrity tool is configured to verify extended attributes.
Check to see if Advanced Intrusion Detection Environment (AIDE) is installed on the system with the following command:
# yum list installed aide
If AIDE is not installed, ask the System Administrator how file integrity checks are performed on the system.
If there is no application installed to perform file integrity checks, this is a finding.
Note: AIDE is highly configurable at install time. These commands assume the "aide.conf" file is under the "/etc" directory.
Use the following command to determine if the file is in another location:
# find / -name aide.conf
Check the "aide.conf" file to determine if the "xattrs" rule has been added to the rule list being applied to the files and directories selection lists.
@ -1932,14 +1954,6 @@ Red Hat Enterprise Linux operating system installation media ships with an optio
<OrganizationValueTestString />
<RawString>Verify the file integrity tool is configured to use FIPS 140-2-approved cryptographic hashes for validating file contents and directories.
Check to see if AIDE is installed on the system with the following command:
# yum list installed aide
If AIDE is not installed, ask the System Administrator how file integrity checks are performed on the system.
If there is no application installed to perform file integrity checks, this is a finding.
Note: AIDE is highly configurable at install time. These commands assume the "aide.conf" file is under the "/etc" directory.
Use the following command to determine if the file is in another location:
@ -2076,17 +2090,17 @@ If any file has a mode more permissive than "0644", this is a finding.</RawStrin
<LegacyId>V-72257</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the SSH private host key files have mode "0600" or less permissive.
<RawString>Verify the SSH private host key files have mode "0640" or less permissive.
The following command will find all SSH private key files on the system and list their modes:
# find / -name '*ssh_host*key' | xargs ls -lL
-rw------- 1 root ssh_keys 668 Nov 28 06:43 ssh_host_dsa_key
-rw------- 1 root ssh_keys 582 Nov 28 06:43 ssh_host_key
-rw------- 1 root ssh_keys 887 Nov 28 06:43 ssh_host_rsa_key
-rw-r----- 1 root ssh_keys 112 Apr 1 11:59 ssh_host_dsa_key
-rw-r----- 1 root ssh_keys 202 Apr 1 11:59 ssh_host_key
-rw-r----- 1 root ssh_keys 352 Apr 1 11:59 ssh_host_rsa_key
If any file has a mode more permissive than "0600", this is a finding.</RawString>
If any file has a mode more permissive than "0640", this is a finding.</RawString>
</Rule>
<Rule id="V-204606" severity="high" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="None">
<Description>&lt;VulnDiscussion&gt;The .shosts files are used to configure host-based authentication for individual users or the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@ -2289,8 +2303,7 @@ If there is no anti-virus solution installed on the system, this is a finding.</
The session lock is implemented at the point where session activity can be determined.
The ability to enable/disable a session lock is given to the user by default. Disabling the users ability to disengage the graphical user interface session lock provides the assurance that all sessions will lock after the specified period of time.
&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
The ability to enable/disable a session lock is given to the user by default. Disabling the users ability to disengage the graphical user interface session lock provides the assurance that all sessions will lock after the specified period of time.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-78995</LegacyId>
@ -2298,11 +2311,10 @@ The ability to enable/disable a session lock is given to the user by default. Di
<OrganizationValueTestString />
<RawString>Verify the operating system prevents a user from overriding the screensaver lock-enabled setting for the graphical user interface.
Note: If the system does not have GNOME installed, this requirement is Not Applicable. The screen program must be installed to lock sessions on the console.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
Determine which profile the system database is using with the following command:
# grep system-db /etc/dconf/profile/user
system-db:local
Check for the lock-enabled setting with the following command:
@ -2310,11 +2322,9 @@ Check for the lock-enabled setting with the following command:
Note: The example below is using the database "local" for the system, so the path is "/etc/dconf/db/local.d". This path must be modified if a database other than "local" is being used.
# grep -i lock-enabled /etc/dconf/db/local.d/locks/*
/org/gnome/desktop/screensaver/lock-enabled
If the command does not return a result, this is a finding.
</RawString>
If the command does not return a result, this is a finding.</RawString>
</Rule>
<Rule id="V-219059" severity="medium" conversionstatus="pass" title="SRG-OS-000114-GPOS-00059" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity.
@ -2424,26 +2434,6 @@ Verify the operating system does not have nested "include" files or directories
$ sudo grep -r include /etc/sudoers.d
If results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-251704" severity="medium" conversionstatus="pass" title="SRG-OS-000373-GPOS-00156" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
When operating systems provide the capability to escalate a functional capability, it is critical the user re-authenticate.
Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>
</LegacyId>
<OrganizationValueRequired>True</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the operating system is not be configured to bypass password requirements for privilege escalation.
Check the configuration of the "/etc/pam.d/sudo" file with the following command:
$ sudo grep pam_succeed_if /etc/pam.d/sudo
If any occurrences of "pam_succeed_if" is returned from the command, this is a finding.</RawString>
</Rule>
<Rule id="V-251705" severity="medium" conversionstatus="pass" title="SRG-OS-000445-GPOS-00199" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
@ -2458,14 +2448,57 @@ This requirement applies to the Red Hat Enterprise Linux operating system perfor
<RawString>Verify that Advanced Intrusion Detection Environment (AIDE) is installed and verifies the correct operation of all security functions.
Check that the AIDE package is installed with the following command:
$ sudo rpm -q aide
aide-0.15.1-13.el7.x86_64
If AIDE is not installed, ask the System Administrator how file integrity checks are performed on the system.
If there is no application installed to perform integrity checks, this is a finding.</RawString>
If there is no application installed to perform integrity checks, this is a finding.
If AIDE is installed, check if it has been initialized with the following command:
$ sudo /usr/sbin/aide --check
If the output is "Couldn't open file /var/lib/aide/aide.db.gz for reading", this is a finding.</RawString>
</Rule>
<Rule id="V-254523" severity="medium" conversionstatus="pass" title="SRG-OS-000123-GPOS-00064" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Emergency accounts are privileged accounts established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If these accounts are automatically disabled, system maintenance during emergencies may not be possible, thus adversely affecting system availability.
Emergency accounts are different from infrequently used accounts (i.e., local logon accounts used by the organization's system administrators when network or normal logon/access is not available). Infrequently used accounts are not subject to automatic termination dates. Emergency accounts are accounts created in response to crisis situations, usually for use by maintenance personnel. The automatic expiration or disabling time period may be extended as needed until the crisis is resolved; however, it must not be extended indefinitely. A permanent account should be established for privileged users who need long-term maintenance accounts.
To address access requirements, many RHEL systems can be integrated with enterprise-level authentication/access mechanisms that meet or exceed access control policy requirements.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>
</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify emergency accounts have been provisioned with an expiration date of 72 hours.
For every existing emergency account, run the following command to obtain its account expiration information.
$ sudo chage -l system_account_name
Verify each of these accounts has an expiration date set within 72 hours.
If any emergency accounts have no expiration date set or do not expire within 72 hours, this is a finding.</RawString>
</Rule>
<Rule id="V-255928" severity="medium" conversionstatus="pass" title="SRG-OS-000073-GPOS-00041" dscresource="None">
<Description>&lt;VulnDiscussion&gt;When using the authconfig utility to modify authentication configuration settings, the "system-auth" and "password-auth" files and any custom settings that they may contain are overwritten. This can be avoided by creating new local configuration files and creating new or moving existing symbolic links to them. The authconfig utility will recognize the local configuration files and not overwrite them, while writing its own settings to the original configuration files.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>
</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify "system-auth" and "password-auth" files are symbolic links pointing to "system-auth-local" and "password-auth-local":
$ sudo ls -l /etc/pam.d/{password,system}-auth
lrwxrwxrwx. 1 root root 30 Apr 1 11:59 /etc/pam.d/password-auth -&gt; /etc/pam.d/password-auth-local
lrwxrwxrwx. 1 root root 28 Apr 1 11:59 /etc/pam.d/system-auth -&gt; /etc/pam.d/system-auth-local
If system-auth and password-auth files are not symbolic links, this is a finding.
If system-auth and password-auth are symbolic links but do not point to "system-auth-local" and "password-auth-local", this is a finding.</RawString>
</Rule>
</ManualRule>
<nxFileLineRule dscresourcemodule="nx">
@ -2483,11 +2516,10 @@ The session lock is implemented at the point where session activity can be deter
<OrganizationValueTestString />
<RawString>Verify the operating system prevents a user from overriding a screensaver lock after a 15-minute period of inactivity for graphical user interfaces.
Note: If the system does not have GNOME installed, this requirement is Not Applicable. The screen program must be installed to lock sessions on the console.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
Determine which profile the system database is using with the following command:
# grep system-db /etc/dconf/profile/user
system-db:local
Check for the lock delay setting with the following command:
@ -2495,7 +2527,6 @@ Check for the lock delay setting with the following command:
Note: The example below is using the database "local" for the system, so the path is "/etc/dconf/db/local.d". This path must be modified if a database other than "local" is being used.
# grep -i lock-delay /etc/dconf/db/local.d/locks/*
/org/gnome/desktop/screensaver/lock-delay
If the command does not return a result, this is a finding.</RawString>
@ -2514,11 +2545,10 @@ The session lock is implemented at the point where session activity can be deter
<OrganizationValueTestString />
<RawString>Verify the operating system prevents a user from overriding session idle delay after a 15-minute period of inactivity for graphical user interfaces.
Note: If the system does not have GNOME installed, this requirement is Not Applicable. The screen program must be installed to lock sessions on the console.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
Determine which profile the system database is using with the following command:
# grep system-db /etc/dconf/profile/user
system-db:local
Check for the session idle delay setting with the following command:
@ -2526,7 +2556,6 @@ Check for the session idle delay setting with the following command:
Note: The example below is using the database "local" for the system, so the path is "/etc/dconf/db/local.d". This path must be modified if a database other than "local" is being used.
# grep -i idle-delay /etc/dconf/db/local.d/locks/*
/org/gnome/desktop/session/idle-delay
If the command does not return a result, this is a finding.</RawString>
@ -2547,7 +2576,7 @@ The ability to enable/disable a session lock is given to the user by default. Di
<OrganizationValueTestString />
<RawString>Verify the operating system prevents a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface.
Note: If the system does not have GNOME installed, this requirement is Not Applicable. The screen program must be installed to lock sessions on the console.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
Determine which profile the system database is using with the following command:
# grep system-db /etc/dconf/profile/user
@ -3263,10 +3292,9 @@ Satisfies: SRG-OS-000046-GPOS-00022, SRG-OS-000047-GPOS-00023&lt;/VulnDiscussion
Check to see what level "auditctl" is set to with following command:
# auditctl -s | grep -i "fail"
failure 2
Note: If the value of "failure" is set to "2", the system is configured to panic (shut down) in the event of an auditing failure. If the value of "failure" is set to "1", the system is configured to only send information to the kernel log regarding the failure.
Note: If the value of "failure" is set to "2", the system is configured to panic (shut down) in the event of an auditing failure. If the value of "failure" is set to "1", the system will not shut down and instead will record the audit failure in the kernel log. If the system is configured as per requirement RHEL-07-031000, the kernel log will be sent to a log aggregation server and generate an alert.
If the "failure" setting is set to any value other than "1" or "2", this is a finding.
@ -4735,7 +4763,7 @@ If both the "b32" and "b64" audit rules are not defined for the "delete_module"
</RawString>
</Rule>
<Rule id="V-204563" severity="medium" conversionstatus="pass" title="SRG-OS-000471-GPOS-00216" dscresource="nxFileLine">
<ContainsLine>-w /usr/bin/kmod -p x -F auid!=unset -k module-change</ContainsLine>
<ContainsLine>-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid&gt;=1000 -F auid!=unset -k modules</ContainsLine>
<Description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
@ -4743,7 +4771,7 @@ Audit records can be generated from various components within the information sy
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DoesNotContainPattern>#\s*-w\s*/usr/bin/kmod\s*-p\s*x\s*-F\s*auid!\s*=\s*unset\s*-k\s*module-change</DoesNotContainPattern>
<DoesNotContainPattern>#\s*-a\s*always,exit\s*-F\s*path\s*=\s*/usr/bin/kmod\s*-F\s*perm\s*=\s*x\s*-F\s*auid&gt;\s*=\s*1000\s*-F\s*auid!\s*=\s*unset\s*-k\s*modules</DoesNotContainPattern>
<DuplicateOf />
<FilePath>/etc/audit/rules.d/audit.rules</FilePath>
<IsNullOrEmpty>False</IsNullOrEmpty>
@ -4754,9 +4782,9 @@ Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222&lt;/VulnDiscussion
Check the auditing rules in "/etc/audit/audit.rules" with the following command:
# grep -iw kmod /etc/audit/audit.rules
$ sudo grep "/usr/bin/kmod" /etc/audit/audit.rules
-w /usr/bin/kmod -p x -F auid!=unset -k module-change
-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid&gt;=1000 -F auid!=unset -k modules
If the command does not return any output, this is a finding.</RawString>
</Rule>
@ -4967,11 +4995,66 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000163-GPOS-00072&lt;/VulnDiscussion
Check the value of the system inactivity timeout with the following command:
# grep -i tmout /etc/profile.d/*
$ sudo grep -irw tmout /etc/profile /etc/bashrc /etc/profile.d
etc/profile.d/tmout.sh:declare -xr TMOUT=900
If "TMOUT" is not set to "900" or less in a script located in the /etc/profile.d/ directory to enforce session termination after inactivity, this is a finding.</RawString>
If conflicting results are returned, this is a finding.
If "TMOUT" is not set to "900" or less to enforce session termination after inactivity, this is a finding.</RawString>
</Rule>
<Rule id="V-204579.c" severity="medium" conversionstatus="pass" title="SRG-OS-000163-GPOS-00072" dscresource="nxFileLine">
<ContainsLine>
</ContainsLine>
<Description>&lt;VulnDiscussion&gt;Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element.
Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at the operating system level and de-allocating networking assignments at the application level if multiple application sessions are using a single operating system-level network connection. This does not mean that the operating system terminates all sessions or network access; it only ends the inactive session and releases the resources associated with that session.
Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000163-GPOS-00072&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DoesNotContainPattern>
</DoesNotContainPattern>
<DuplicateOf />
<FilePath>/etc/bashrc</FilePath>
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-72223.c</LegacyId>
<OrganizationValueRequired>True</OrganizationValueRequired>
<OrganizationValueTestString>the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/bashrc" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.</OrganizationValueTestString>
<RawString>Verify the operating system terminates all network connections associated with a communications session at the end of the session or based on inactivity.
Check the value of the system inactivity timeout with the following command:
$ sudo grep -irw tmout /etc/profile /etc/bashrc /etc/profile.d
etc/profile.d/tmout.sh:declare -xr TMOUT=900
If conflicting results are returned, this is a finding.
If "TMOUT" is not set to "900" or less to enforce session termination after inactivity, this is a finding.</RawString>
</Rule>
<Rule id="V-204579.d" severity="medium" conversionstatus="pass" title="SRG-OS-000163-GPOS-00072" dscresource="nxFileLine">
<ContainsLine>
</ContainsLine>
<Description>&lt;VulnDiscussion&gt;Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element.
Terminating network connections associated with communications sessions includes, for example, de-allocating associated TCP/IP address/port pairs at the operating system level and de-allocating networking assignments at the application level if multiple application sessions are using a single operating system-level network connection. This does not mean that the operating system terminates all sessions or network access; it only ends the inactive session and releases the resources associated with that session.
Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000163-GPOS-00072&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DoesNotContainPattern>
</DoesNotContainPattern>
<DuplicateOf />
<FilePath>/etc/profile</FilePath>
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-72223.d</LegacyId>
<OrganizationValueRequired>True</OrganizationValueRequired>
<OrganizationValueTestString>the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.</OrganizationValueTestString>
<RawString>Verify the operating system terminates all network connections associated with a communications session at the end of the session or based on inactivity.
Check the value of the system inactivity timeout with the following command:
$ sudo grep -irw tmout /etc/profile /etc/bashrc /etc/profile.d
etc/profile.d/tmout.sh:declare -xr TMOUT=900
If conflicting results are returned, this is a finding.
If "TMOUT" is not set to "900" or less to enforce session termination after inactivity, this is a finding.</RawString>
</Rule>
<Rule id="V-204580" severity="medium" conversionstatus="pass" title="SRG-OS-000023-GPOS-00006" dscresource="nxFileLine">
<ContainsLine>banner /etc/issue</ContainsLine>
@ -5330,7 +5413,9 @@ If the "UsePrivilegeSeparation" keyword is set to "no", is missing, or the retur
<LegacyId>V-72267</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the SSH daemon performs compression after a user successfully authenticates.
<RawString>Note: For RHEL 7.4 and above, this requirement is not applicable.
Verify the SSH daemon performs compression after a user successfully authenticates.
Check that the SSH daemon performs compression after a user successfully authenticates with the following command:
@ -5457,6 +5542,24 @@ $ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
If "superusers" is identical to any OS account name or is missing a name, this is a finding.</RawString>
</Rule>
<Rule id="V-255925" severity="medium" conversionstatus="pass" title="SRG-OS-000033-GPOS-00014" dscresource="nxFileLine">
<ContainsLine>KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256</ContainsLine>
<Description>&lt;VulnDiscussion&gt;The use of FIPS-validated cryptographic algorithms is enforced by enabling kernel FIPS mode. In the event that kernel FIPS mode is disabled, the use of nonvalidated cryptographic algorithms will be permitted systemwide. The SSH server configuration must manually define only FIPS-validated key exchange algorithms to prevent the use of nonvalidated algorithms.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DoesNotContainPattern>#\s*KexAlgorithms\s*ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256</DoesNotContainPattern>
<DuplicateOf />
<FilePath>/etc/ssh/sshd_config</FilePath>
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>
</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the SSH server is configured to use only FIPS-validated key exchange algorithms:
$ sudo grep -i kexalgorithms /etc/ssh/sshd_config
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
If "KexAlgorithms" is not configured, is commented out, or does not contain only the algorithms "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" in exact order, this is a finding.</RawString>
</Rule>
</nxFileLineRule>
<nxFileRule dscresourcemodule="nx">
<Rule id="V-204395" severity="medium" conversionstatus="pass" title="SRG-OS-000023-GPOS-00006" dscresource="nxFile">
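Review bot: The `DoesNotContainPattern` of the new V-255925 rule only matches a commented-out copy of the exact approved list (`#\s*KexAlgorithms\s*ecdh-sha2-nistp256,...`), so an active `KexAlgorithms` line carrying a different list would stay in `/etc/ssh/sshd_config`. sshd keeps the first value it reads for a keyword, so if nxFileLine appends the `ContainsLine` below such a line, the file would hold the approved string while the daemon still offers the earlier list, which the RawString's "does not contain only the algorithms ... in exact order" test treats as a finding. Consider adding a pattern that also removes any active entry with another value, along the lines of `^\s*KexAlgorithms\s+(?!APPROVED_LIST\s*$).*`, where APPROVED_LIST is a placeholder for the four algorithms in `ContainsLine`. This assumes the resource's regex engine supports lookahead, which should be confirmed. The rule's comment or test string could also tell operators to check the effective value with `sshd -T` after the configuration is applied.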
@ -5538,11 +5641,10 @@ The session lock is implemented at the point where session activity can be deter
<OrganizationValueTestString />
<RawString>Verify the operating system prevents a user from overriding a screensaver lock after a 15-minute period of inactivity for graphical user interfaces.
Note: If the system does not have GNOME installed, this requirement is Not Applicable. The screen program must be installed to lock sessions on the console.
Note: If the system does not have GNOME installed, this requirement is Not Applicable.
Determine which profile the system database is using with the following command:
# grep system-db /etc/dconf/profile/user
system-db:local
Check for the lock delay setting with the following command:
@ -5550,7 +5652,6 @@ Check for the lock delay setting with the following command:
Note: The example below is using the database "local" for the system, so the path is "/etc/dconf/db/local.d". This path must be modified if a database other than "local" is being used.
# grep -i lock-delay /etc/dconf/db/local.d/locks/*
/org/gnome/desktop/screensaver/lock-delay
If the command does not return a result, this is a finding.</RawString>
@ -5677,11 +5778,12 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000163-GPOS-00072&lt;/VulnDiscussion
Check the value of the system inactivity timeout with the following command:
# grep -i tmout /etc/profile.d/*
$ sudo grep -irw tmout /etc/profile /etc/bashrc /etc/profile.d
etc/profile.d/tmout.sh:declare -xr TMOUT=900
If "TMOUT" is not set to "900" or less in a script located in the /etc/profile.d/ directory to enforce session termination after inactivity, this is a finding.</RawString>
If conflicting results are returned, this is a finding.
If "TMOUT" is not set to "900" or less to enforce session termination after inactivity, this is a finding.</RawString>
</Rule>
<Rule id="V-204584" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>kernel.randomize_va_space = 2</Contents>
@ -5694,19 +5796,19 @@ If "TMOUT" is not set to "900" or less in a script located in the /etc/profile.d
<OrganizationValueTestString />
<RawString>Verify the operating system implements virtual address space randomization.
# grep kernel.randomize_va_space /etc/sysctl.conf /etc/sysctl.d/*
# grep -r kernel.randomize_va_space /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
kernel.randomize_va_space = 2
If "kernel.randomize_va_space" is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or does not have a value of "2", this is a finding.
If "kernel.randomize_va_space" is not configured in the /etc/sysctl.conf file or or in any of the other sysctl.d directories, is commented out or does not have a value of "2", this is a finding.
Check that the operating system implements virtual address space randomization with the following command:
# /sbin/sysctl -a | grep kernel.randomize_va_space
kernel.randomize_va_space = 2
If "kernel.randomize_va_space" does not have a value of "2", this is a finding.</RawString>
If "kernel.randomize_va_space" does not have a value of "2", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204609" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv4.conf.all.accept_source_route = 0</Contents>
@ -5719,22 +5821,23 @@ If "kernel.randomize_va_space" does not have a value of "2", this is a finding.<
<OrganizationValueTestString />
<RawString>Verify the system does not accept IPv4 source-routed packets.
# grep net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv4.conf.all.accept_source_route /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
net.ipv4.conf.all.accept_source_route = 0
If " net.ipv4.conf.all.accept_source_route " is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or does not have a value of "0", this is a finding.
If "net.ipv4.conf.all.accept_source_route" is not configured in the /etc/sysctl.conf file or in any of the other sysctl.d directories, is commented out, or does not have a value of "0", this is a finding.
Check that the operating system implements the accept source route variable with the following command:
# /sbin/sysctl -a | grep net.ipv4.conf.all.accept_source_route
net.ipv4.conf.all.accept_source_route = 0
If the returned line does not have a value of "0", this is a finding.</RawString>
If the returned line does not have a value of "0", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204610" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv4.conf.all.rp_filter = 1</Contents>
<Description>&lt;VulnDiscussion&gt;Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface they were received on. It should not be used on systems which are routers for complicated networks, but is helpful for end hosts and routers serving small networks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<Description>&lt;VulnDiscussion&gt;Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface they were received on. It should not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<FilePath>/etc/sysctl.d/204610-powerstig.conf</FilePath>
<IsNullOrEmpty>False</IsNullOrEmpty>
@ -5743,17 +5846,19 @@ If the returned line does not have a value of "0", this is a finding.</RawString
<OrganizationValueTestString />
<RawString>Verify the system uses a reverse-path filter for IPv4:
# grep net.ipv4.conf.all.rp_filter /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv4.conf.all.rp_filter /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
net.ipv4.conf.all.rp_filter = 1
If "net.ipv4.conf.all.rp_filter" is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or does not have a value of "1", this is a finding.
If "net.ipv4.conf.all.rp_filter" is not configured in the /etc/sysctl.conf file or in any of the other sysctl.d directories, is commented out, or does not have a value of "1", this is a finding.
Check that the operating system implements the accept source route variable with the following command:
# /sbin/sysctl -a | grep net.ipv4.conf.all.rp_filter
net.ipv4.conf.all.rp_filter = 1
If the returned line does not have a value of "1", this is a finding.</RawString>
If the returned line does not have a value of "1", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204611" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv4.conf.default.rp_filter = 1</Contents>
@ -5766,17 +5871,19 @@ If the returned line does not have a value of "1", this is a finding.</RawString
<OrganizationValueTestString />
<RawString>Verify the system uses a reverse-path filter for IPv4:
# grep net.ipv4.conf.default.rp_filter /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv4.conf.default.rp_filter /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
net.ipv4.conf.default.rp_filter = 1
If "net.ipv4.conf.default.rp_filter" is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or does not have a value of "1", this is a finding.
If "net.ipv4.conf.default.rp_filter" is not configured in the /etc/sysctl.conf file or in any of the other sysctl.d directories, is commented out, or does not have a value of "1", this is a finding.
Check that the operating system implements the accept source route variable with the following command:
# /sbin/sysctl -a | grep net.ipv4.conf.default.rp_filter
net.ipv4.conf.default.rp_filter = 1
If the returned line does not have a value of "1", this is a finding.</RawString>
If the returned line does not have a value of "1", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204612" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv4.conf.default.accept_source_route = 0</Contents>
@ -5789,17 +5896,19 @@ If the returned line does not have a value of "1", this is a finding.</RawString
<OrganizationValueTestString />
<RawString>Verify the system does not accept IPv4 source-routed packets by default.
# grep net.ipv4.conf.default.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv4.conf.default.accept_source_route /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
net.ipv4.conf.default.accept_source_route = 0
If " net.ipv4.conf.default.accept_source_route " is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or does not have a value of "0", this is a finding.
If "net.ipv4.conf.default.accept_source_route" is not configured in the /etc/sysctl.conf file or in any of the other sysctl.d directories, is commented out, or does not have a value of "0", this is a finding.
Check that the operating system implements the accept source route variable with the following command:
# /sbin/sysctl -a | grep net.ipv4.conf.default.accept_source_route
net.ipv4.conf.default.accept_source_route = 0
If the returned line does not have a value of "0", this is a finding.</RawString>
If the returned line does not have a value of "0", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204613" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv4.icmp_echo_ignore_broadcasts = 1</Contents>
@ -5812,16 +5921,18 @@ If the returned line does not have a value of "0", this is a finding.</RawString
<OrganizationValueTestString />
<RawString>Verify the system does not respond to IPv4 ICMP echoes sent to a broadcast address.
# grep net.ipv4.icmp_echo_ignore_broadcasts /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv4.icmp_echo_ignore_broadcasts /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
If " net.ipv4.icmp_echo_ignore_broadcasts" is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or does not have a value of "1", this is a finding.
If "net.ipv4.icmp_echo_ignore_broadcasts" is not configured in the /etc/sysctl.conf file or in any of the other sysctl.d directories, is commented out, or does not have a value of "1", this is a finding.
Check that the operating system implements the "icmp_echo_ignore_broadcasts" variable with the following command:
# /sbin/sysctl -a | grep net.ipv4.icmp_echo_ignore_broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
If the returned line does not have a value of "1", this is a finding.</RawString>
If the returned line does not have a value of "1", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204614" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv4.conf.default.accept_redirects = 0</Contents>
@ -5834,16 +5945,18 @@ If the returned line does not have a value of "1", this is a finding.</RawString
<OrganizationValueTestString />
<RawString>Verify the system will not accept IPv4 ICMP redirect messages.
# grep 'net.ipv4.conf.default.accept_redirects' /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv4.conf.default.accept_redirects /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
If " net.ipv4.conf.default.accept_redirects " is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or does not have a value of "0", this is a finding.
If "net.ipv4.conf.default.accept_redirects" is not configured in the /etc/sysctl.conf file or in any of the other sysctl.d directories, is commented out, or does not have a value of "0", this is a finding.
Check that the operating system implements the value of the "accept_redirects" variables with the following command:
# /sbin/sysctl -a | grep 'net.ipv4.conf.default.accept_redirects'
# /sbin/sysctl -a | grep net.ipv4.conf.default.accept_redirects
net.ipv4.conf.default.accept_redirects = 0
If the returned line does not have a value of "0", this is a finding.</RawString>
If the returned line does not have a value of "0", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204615" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv4.conf.all.accept_redirects = 0</Contents>
@ -5856,17 +5969,18 @@ If the returned line does not have a value of "0", this is a finding.</RawString
<OrganizationValueTestString />
<RawString>Verify the system ignores IPv4 ICMP redirect messages.
# grep 'net.ipv4.conf.all.accept_redirects' /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv4.conf.all.accept_redirects /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
If " net.ipv4.conf.all.accept_redirects " is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or does not have a value of "0", this is a finding.
If "net.ipv4.conf.all.accept_redirects" is not configured in the /etc/sysctl.conf file or in any of the other sysctl.d directories, is commented out, or does not have a value of "0", this is a finding.
Check that the operating system implements the "accept_redirects" variables with the following command:
# /sbin/sysctl -a | grep 'net.ipv4.conf.all.accept_redirects'
# /sbin/sysctl -a | grep net.ipv4.conf.all.accept_redirects
net.ipv4.conf.all.accept_redirects = 0
If the returned line does not have a value of "0", this is a finding.</RawString>
If the returned line does not have a value of "0", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204616" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv4.conf.default.send_redirects = 0</Contents>
@ -5879,17 +5993,18 @@ If the returned line does not have a value of "0", this is a finding.</RawString
<OrganizationValueTestString />
<RawString>Verify the system does not allow interfaces to perform IPv4 ICMP redirects by default.
# grep 'net.ipv4.conf.default.send_redirects' /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv4.conf.default.send_redirects /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
If "net.ipv4.conf.default.send_redirects" is not configured in the "/etc/sysctl.conf" file or in the /etc/sysctl.d/ directory, is commented out or does not have a value of "0", this is a finding.
If "net.ipv4.conf.default.send_redirects" is not configured in the "/etc/sysctl.conf" file or in any of the other sysctl.d directories, is commented out or does not have a value of "0", this is a finding.
Check that the operating system implements the "default send_redirects" variables with the following command:
# /sbin/sysctl -a | grep 'net.ipv4.conf.default.send_redirects'
# /sbin/sysctl -a | grep net.ipv4.conf.default.send_redirects
net.ipv4.conf.default.send_redirects = 0
If the returned line does not have a value of "0", this is a finding.</RawString>
If the returned line does not have a value of "0", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204617" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv4.conf.all.send_redirects = 0</Contents>
@ -5902,17 +6017,18 @@ If the returned line does not have a value of "0", this is a finding.</RawString
<OrganizationValueTestString />
<RawString>Verify the system does not send IPv4 ICMP redirect messages.
# grep 'net.ipv4.conf.all.send_redirects' /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv4.conf.all.send_redirects /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
If "net.ipv4.conf.all.send_redirects" is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or does not have a value of "0", this is a finding.
If "net.ipv4.conf.all.send_redirects" is not configured in the /etc/sysctl.conf file or in any of the other sysctl.d directories, is commented out or does not have a value of "0", this is a finding.
Check that the operating system implements the "all send_redirects" variables with the following command:
# /sbin/sysctl -a | grep 'net.ipv4.conf.all.send_redirects'
# /sbin/sysctl -a | grep net.ipv4.conf.all.send_redirects
net.ipv4.conf.all.send_redirects = 0
If the returned line does not have a value of "0", this is a finding.</RawString>
If the returned line does not have a value of "0", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204625" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv4.ip_forward = 0</Contents>
@ -5925,18 +6041,19 @@ If the returned line does not have a value of "0", this is a finding.</RawString
<OrganizationValueTestString />
<RawString>Verify the system is not performing packet forwarding, unless the system is a router.
# grep net.ipv4.ip_forward /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv4.ip_forward /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
net.ipv4.ip_forward = 0
If "net.ipv4.ip_forward" is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out, or does not have a value of "0", this is a finding.
If "net.ipv4.ip_forward" is not configured in the /etc/sysctl.conf file or in any of the other sysctl.d directories, is commented out, or does not have a value of "0", this is a finding.
Check that the operating system does not implement IP forwarding using the following command:
# /sbin/sysctl -a | grep net.ipv4.ip_forward
net.ipv4.ip_forward = 0
If IP forwarding value is "1" and the system is hosting any application, database, or web servers, this is a finding.</RawString>
If IP forwarding value is "1" and the system is hosting any application, database, or web servers, this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-204630" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>net.ipv6.conf.all.accept_source_route = 0</Contents>
@ -5951,18 +6068,19 @@ If IP forwarding value is "1" and the system is hosting any application, databas
Verify the system does not accept IPv6 source-routed packets.
# grep net.ipv6.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*
# grep -r net.ipv6.conf.all.accept_source_route /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
net.ipv6.conf.all.accept_source_route = 0
If "net.ipv6.conf.all.accept_source_route" is not configured in the /etc/sysctl.conf file or in the /etc/sysctl.d/ directory, is commented out or does not have a value of "0", this is a finding.
If "net.ipv6.conf.all.accept_source_route" is not configured in the /etc/sysctl.conf file or in any of the other sysctl.d directories, is commented out or does not have a value of "0", this is a finding.
Check that the operating system implements the accept source route variable with the following command:
# /sbin/sysctl -a | grep net.ipv6.conf.all.accept_source_route
net.ipv6.conf.all.accept_source_route = 0
If the returned lines do not have a value of "0", this is a finding.</RawString>
If the returned lines do not have a value of "0", this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
<Rule id="V-237634.a" severity="medium" conversionstatus="pass" title="SRG-OS-000480-GPOS-00227" dscresource="nxFile">
<Contents>Defaults !targetpw</Contents>
@ -5977,7 +6095,7 @@ For more information on each of the listed configurations, reference the sudoers
<OrganizationValueTestString />
<RawString>Verify that the sudoers security policy is configured to use the invoking user's password for privilege escalation.
$ sudo egrep -ir '(rootpw|targetpw|runaspw)' /etc/sudoers /etc/sudoers.d* | grep -v '#'
$ sudo grep -Eir '(rootpw|targetpw|runaspw)' /etc/sudoers /etc/sudoers.d* | grep -v '#'
/etc/sudoers:Defaults !targetpw
/etc/sudoers:Defaults !rootpw
@ -6001,7 +6119,7 @@ For more information on each of the listed configurations, reference the sudoers
<OrganizationValueTestString />
<RawString>Verify that the sudoers security policy is configured to use the invoking user's password for privilege escalation.
$ sudo egrep -ir '(rootpw|targetpw|runaspw)' /etc/sudoers /etc/sudoers.d* | grep -v '#'
$ sudo grep -Eir '(rootpw|targetpw|runaspw)' /etc/sudoers /etc/sudoers.d* | grep -v '#'
/etc/sudoers:Defaults !targetpw
/etc/sudoers:Defaults !rootpw
@ -6025,7 +6143,7 @@ For more information on each of the listed configurations, reference the sudoers
<OrganizationValueTestString />
<RawString>Verify that the sudoers security policy is configured to use the invoking user's password for privilege escalation.
$ sudo egrep -ir '(rootpw|targetpw|runaspw)' /etc/sudoers /etc/sudoers.d* | grep -v '#'
$ sudo grep -Eir '(rootpw|targetpw|runaspw)' /etc/sudoers /etc/sudoers.d* | grep -v '#'
/etc/sudoers:Defaults !targetpw
/etc/sudoers:Defaults !rootpw
@ -6172,14 +6290,6 @@ If this file does not exist, this is a finding.</RawString>
<OrganizationValueTestString />
<RawString>Verify the file integrity tool is configured to verify ACLs.
Check to see if Advanced Intrusion Detection Environment (AIDE) is installed on the system with the following command:
# yum list installed aide
If AIDE is not installed, ask the System Administrator how file integrity checks are performed on the system.
If there is no application installed to perform file integrity checks, this is a finding.
Note: AIDE is highly configurable at install time. These commands assume the "aide.conf" file is under the "/etc" directory.
Use the following command to determine if the file is in another location:
@ -6349,6 +6459,33 @@ pam_pkcs11-0.6.2-14.el7.noarch.rpm
If the "pam_pkcs11" package is not installed, this is a finding.</RawString>
</Rule>
<Rule id="V-255926" severity="medium" conversionstatus="pass" title="SRG-OS-000029-GPOS-00010" dscresource="nxPackage">
<Description>&lt;VulnDiscussion&gt;A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, operating systems need to be able to identify when a user's session has idled and take action to initiate the session lock.
The screen and tmux packages allow for a session lock to be implemented and configured.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<Ensure>Present</Ensure>
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>
</LegacyId>
<Name>
</Name>
<OrganizationValueRequired>True</OrganizationValueRequired>
<OrganizationValueTestString>Specify either tmux or screen depending on preference</OrganizationValueTestString>
<RawString>Verify the operating system has the screen package installed.
Check to see if the screen package is installed with the following command:
# yum list installed screen
screen-4.3.1-3-x86_64.rpm
If the screen package is not installed, check to see if the tmux package is installed with the following command:
# yum list installed tmux
tmux-1.8-4.el7.x86_64.rpm
If either the screen package or the tmux package is not installed, this is a finding.</RawString>
</Rule>
</nxPackageRule>
<nxServiceRule dscresourcemodule="nx">
<Rule id="V-204451" severity="medium" conversionstatus="pass" title="SRG-OS-000114-GPOS-00059" dscresource="nxService">
@ -6431,7 +6568,7 @@ This requirement applies to both internal and external networks and all types of
Protecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, then logical means (cryptography) do not have to be employed, and vice versa.
Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000423-GPOS-00188, SRG-OS-000423-GPOS-00189, SRG-OS-000423-GPOS-00190&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPOS-00189, SRG-OS-000426-GPOS-00190&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<Enabled>True</Enabled>
<IsNullOrEmpty>False</IsNullOrEmpty>


@ -5,7 +5,7 @@
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="2.8">
<OrganizationalSettings fullversion="2.9">
<!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the space_left_action parameter is set to "email" set the action_mail_acct parameter to an e-mail address for the System Administrator (SA) and Information System Security Officer (ISSO). If the space_left_action parameter is set to "exec", make sure the command being execute notifies the System Administrator (SA) and Information System Security Officer (ISSO).-->
<OrganizationalSetting id="V-219152.a" ContainsLine="space_left_action = email" DoesNotContainPattern="^#\s*space_left_action.*" />
<!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: Set the space_left parameter to be, at least, 25% of the repository maximum audit record storage capacity. -->


@ -1,4 +1,4 @@
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="U_CAN_Ubuntu_18-04_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_CAN_Ubuntu_18-04_LTS_STIG_V2R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 27 Jul 2022 3.3.0.27375 1.10.0" title="Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.8" created="9/1/2022">
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="CAN_Ubuntu_18-04_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_CAN_Ubuntu_18-04_LTS_STIG_V2R10_Manual-xccdf.xml" releaseinfo="Release: 10 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.10" created="3/6/2023">
<DocumentRule dscresourcemodule="None">
<Rule id="V-219150" severity="medium" conversionstatus="pass" title="SRG-OS-000185-GPOS-00079" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system.
@ -75,6 +75,46 @@ Check that the "AllowUnauthenticated" variable is not set at all or set to "fals
/etc/apt/apt.conf.d/01-vendor-Ubuntu:APT::Get::AllowUnauthenticated "false";
If any of the files returned from the command with "AllowUnauthenticated" set to "true", this is a finding.</RawString>
</Rule>
<Rule id="V-219159" severity="medium" conversionstatus="pass" title="SRG-OS-000191-GPOS-00080" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws.
To support this requirement, the Ubuntu operating system may have an integrated solution incorporating continuous scanning using HBSS and periodic scanning using other tools, as specified in the requirement.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100545</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Check that the "mcafeetp" package has been installed:
# dpkg -l | grep -i mcafeetp
If the "mcafeetp" package is not installed, this is a finding.
Check that the daemon is running:
# /opt/McAfee/ens/tp/init/mfetpd-control.sh status
If the daemon is not running, this is a finding.</RawString>
</Rule>
<Rule id="V-219163" severity="low" conversionstatus="pass" title="SRG-OS-000383-GPOS-00166" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If cached authentication information is out-of-date, the validity of the authentication information may be questionable.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100553</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>If smart card authentication is not being used on the system this item is Not Applicable.
Verify that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.
Check that PAM prohibits the use of cached authentications after one day with the following command:
# sudo grep offline_credentials_expiration /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf
offline_credentials_expiration = 1
If "offline_credentials_expiration" is not set to a value of "1", in /etc/sssd/sssd.conf or in a file with a name ending in .conf in the /etc/sssd/conf.d/ directory, this is a finding.</RawString>
</Rule>
<Rule id="V-219164" severity="low" conversionstatus="pass" title="SRG-OS-000480-GPOS-00226" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@ -186,17 +226,21 @@ If the output does not contain "sha512", or it is commented out, this is a findi
<Rule id="V-219188" severity="medium" conversionstatus="pass" title="SRG-OS-000205-GPOS-00083" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Any operating system providing too much information in error messages risks compromising the data and security of the structure, and content of error messages needs to be carefully considered by the organization.
Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information, such as account numbers, social security numbers, and credit card numbers.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information, such as account numbers, social security numbers, and credit card numbers.
The /var/log/btmp, /var/log/wtmp, and /var/log/lastlog files have group write and global read permissions to allow for the lastlog function to perform. Limiting the permissions beyond this configuration will result in the failure of functions that rely on the lastlog database.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100603</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the Ubuntu operating system has all system log files under the /var/log directory with a permission set to 640, by using the following command:
<RawString>Verify the Ubuntu operating system has all system log files under the /var/log directory with a permission set to "640", by using the following command:
# sudo find /var/log -perm /137 -type f -exec stat -c "%n %a" {} \;
Note: The btmp, wtmp, and lastlog files are excluded. Refer to the Discussion for details.
If command displays any output, this is a finding.</RawString>
$ sudo find /var/log -perm /137 ! -name '*[bw]tmp' ! -name '*lastlog' -type f -exec stat -c "%n %a" {} \;
If the command displays any output, this is a finding.</RawString>
</Rule>
<Rule id="V-219194" severity="medium" conversionstatus="pass" title="SRG-OS-000206-GPOS-00084" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
@ -259,6 +303,162 @@ Check that the "logout" target is not bound to an action with the following comm
logout=''
If the "logout" key is bound to an action, is commented out, or is missing, this is a finding.</RawString>
</Rule>
<Rule id="V-219228" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100683</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log files have a mode of "0600" or less permissive.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the audit log files have a mode of "0600" or less by using the following command:
# sudo stat -c "%n %a" /var/log/audit/*
/var/log/audit/audit.log 600
If the audit log files have a mode more permissive than "0600", this is a finding.</RawString>
</Rule>
<Rule id="V-219229" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100685</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log files are owned by "root" account.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the audit log files are owned by the "root" user by using the following command:
# sudo stat -c "%n %U" /var/log/audit/*
/var/log/audit/audit.log root
If the audit log files are owned by an user other than "root", this is a finding.</RawString>
</Rule>
<Rule id="V-219230" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100687</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log files are owned by "root" group.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the audit log files are owned by the "root" group by using the following command:
# sudo stat -c "%n %G" /var/log/audit/*
/var/log/audit/audit.log root
If the audit log files are owned by a group other than "root", this is a finding.</RawString>
</Rule>
<Rule id="V-219231" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100689</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log directory has a mode of "0750" or less permissive.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the directory has a mode of "0750" or less by using the following command:
# sudo stat -c "%n %a" /var/log/audit
/var/log/audit 750
If the audit log directory has a mode more permissive than "0750", this is a finding.</RawString>
</Rule>
<Rule id="V-219232" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100691</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log directory is owned by "root" account.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the directory is owned by the "root" user by using the following command:
# sudo stat -c "%n %U" /var/log/audit
/var/log/audit root
If the audit log directory is owned by an user other than "root", this is a finding.</RawString>
</Rule>
<Rule id="V-219233" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100693</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log directory is owned by "root" group.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the directory is owned by the "root" group by using the following command:
# sudo stat -c "%n %G" /var/log/audit
/var/log/audit root
If the audit log directory is owned by a group other than "root", this is a finding.</RawString>
</Rule>
<Rule id="V-219315" severity="medium" conversionstatus="pass" title="SRG-OS-000066-GPOS-00034" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Without path validation, an informed trust decision by the relying party cannot be made when presented with any certificate not already explicitly trusted.
@ -292,7 +492,7 @@ If "cert_policy" is not set to "ca", or the line is commented out, this is a fin
<LegacyId>V-100855</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the Ubuntu operating system has the 'libpam-pkcs11 package installed, by running the following command:
<RawString>Verify the Ubuntu operating system has the "libpam-pkcs11" package installed, by running the following command:
# dpkg -l | grep libpam-pkcs11
@ -302,7 +502,7 @@ Check if use_mappers is set to pwent in /etc/pam_pkcs11/pam_pkcs11.conf file
# grep use_mappers /etc/pam_pkcs11/pam_pkcs11.conf
use_mappers = pwent
If use_mappers is not found or is not set to pwent this is a finding.</RawString>
If "use_mappers" is not found, or is not set to "pwent", this is a finding.</RawString>
</Rule>
<Rule id="V-219320" severity="medium" conversionstatus="pass" title="SRG-OS-000377-GPOS-00162" dscresource="None">
<Description>&lt;VulnDiscussion&gt;The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access.
@ -341,6 +541,30 @@ Check the account inactivity value by performing the following command:
INACTIVE=35
If "INACTIVE" is not set to a value 0&lt;[VALUE]&lt;=35, or is commented out, this is a finding.</RawString>
</Rule>
<Rule id="V-219330" severity="medium" conversionstatus="pass" title="SRG-OS-000142-GPOS-00071" dscresource="None">
<Description>&lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.
Managing excess capacity ensures that sufficient capacity is available to counter flooding attacks. Employing increased capacity and service redundancy may reduce the susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100883</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the Ubuntu operating system is configured to use TCP syncookies.
Check the value of TCP syncookies with the following command:
# sysctl net.ipv4.tcp_syncookies
net.ipv4.tcp_syncookies = 1
If the value is not "1", this is a finding.
Check the saved value of TCP syncookies with the following command:
# sudo grep -i net.ipv4.tcp_syncookies /etc/sysctl.conf /etc/sysctl.d/* | grep -v '#'
If no output is returned, this is a finding.</RawString>
</Rule>
<Rule id="V-219331" severity="medium" conversionstatus="pass" title="SRG-OS-000355-GPOS-00143" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
@ -430,6 +654,31 @@ lo Link encap:Local Loopback
If a wireless interface is configured and has not been documented and approved by the Information System Security Officer (ISSO), this is a finding.</RawString>
</Rule>
<Rule id="V-255907" severity="low" conversionstatus="pass" title="SRG-OS-000138-GPOS-00069" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a nonprivileged user.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>
</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the operating system is configured to restrict access to the kernel message buffer with the following commands:
$ sudo sysctl kernel.dmesg_restrict
kernel.dmesg_restrict = 1
If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding.
Check that the configuration files are present to enable this kernel parameter:
$ sudo grep -r kernel.dmesg_restrict /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
/etc/sysctl.conf:kernel.dmesg_restrict = 1
/etc/sysctl.d/99-sysctl.conf:kernel.dmesg_restrict = 1
If "kernel.dmesg_restrict" is not set to "1", is missing or commented out, this is a finding.
If conflicting results are returned, this is a finding.</RawString>
</Rule>
</DocumentRule>
<ManualRule dscresourcemodule="None">
<Rule id="V-219147" severity="high" conversionstatus="pass" title="SRG-OS-000080-GPOS-00048" dscresource="None">
@ -505,52 +754,6 @@ audit-offload
Check if the script inside the file does offloading of audit logs to an external media.
If the script file does not exist or if the script file doesn't offload audit logs, this is a finding.</RawString>
</Rule>
<Rule id="V-219162" severity="low" conversionstatus="pass" title="SRG-OS-000342-GPOS-00133" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
Off-loading is a common process in information systems with limited audit storage capacity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100551</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the audit event multiplexor is configured to off-load audit records to a different system or storage media from the system being audited.
Check that audisp-remote plugin is installed:
# sudo dpkg -s audispd-plugins
If status is "not installed", verify that another method to off-load audit logs has been implemented.
Check that the records are being off-loaded to a remote server with the following command:
# sudo grep -i active /etc/audisp/plugins.d/au-remote.conf
active = yes
If "active" is not set to "yes", or the line is commented out, ask the System Administrator to indicate how the audit logs are off-loaded to a different system or storage media.
If there is no evidence that the system is configured to off-load audit logs to a different system or storage media, this is a finding.</RawString>
</Rule>
<Rule id="V-219163" severity="low" conversionstatus="pass" title="SRG-OS-000383-GPOS-00166" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If cached authentication information is out-of-date, the validity of the authentication information may be questionable.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100553</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>If smart card authentication is not being used on the system this item is Not Applicable.
Verify that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.
Check that PAM prohibits the use of cached authentications after one day with the following command:
# sudo grep offline_credentials_expiration /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf
offline_credentials_expiration = 1
If "offline_credentials_expiration" is not set to a value of "1", in /etc/sssd/sssd.conf or in a file with a name ending in .conf in the /etc/sssd/conf.d/ directory, this is a finding.</RawString>
</Rule>
<Rule id="V-219168" severity="medium" conversionstatus="pass" title="SRG-OS-000109-GPOS-00056" dscresource="None">
<Description>&lt;VulnDiscussion&gt;To assure individual accountability and prevent unauthorized access, organizational users must be individually identified and authenticated.
@ -686,7 +889,7 @@ Check that the /var/log directory is owned by root with the following command:
If the /var/log directory is not owned by root, this is a finding.</RawString>
</Rule>
<Rule id="V-219191" severity="medium" conversionstatus="pass" title="SRG-OS-000206-GPOS-00084" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
<Description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, personally identifiable information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
@ -694,15 +897,17 @@ The structure and content of error messages must be carefully considered by the
<LegacyId>V-100609</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the Ubuntu operating system configures the /var/log directory with a mode of 750 or less permissive.
<RawString>Verify that the Ubuntu operating system configures the /var/log directory with a mode of "755" or less permissive.
Check the mode of the /var/log directory with the following command:
# stat -c "%n %a" /var/log
Note: If rsyslog is active and enabled on the operating system, this requirement is not applicable.
/var/log 750
$ stat -c "%n %a" /var/log
If a value of "750" or less permissive is not returned, this is a finding.</RawString>
/var/log 755
If a value of "755" or less permissive is not returned, this is a finding.</RawString>
</Rule>
<Rule id="V-219192" severity="medium" conversionstatus="pass" title="SRG-OS-000206-GPOS-00084" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
@ -1050,162 +1255,6 @@ Loaded: masked (/dev/null; bad)
Active: inactive (dead)
If the "ctrl-alt-del.target" is not masked, this is a finding.</RawString>
</Rule>
<Rule id="V-219228" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100683</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log files have a mode of "0600" or less permissive.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the audit log files have a mode of "0600" or less by using the following command:
# sudo stat -c "%n %a" /var/log/audit/*
/var/log/audit/audit.log 600
If the audit log files have a mode more permissive than "0600", this is a finding.</RawString>
</Rule>
<Rule id="V-219229" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100685</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log files are owned by "root" account.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the audit log files are owned by the "root" user by using the following command:
# sudo stat -c "%n %U" /var/log/audit/*
/var/log/audit/audit.log root
If the audit log files are owned by an user other than "root", this is a finding.</RawString>
</Rule>
<Rule id="V-219230" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100687</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log files are owned by "root" group.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the audit log files are owned by the "root" group by using the following command:
# sudo stat -c "%n %G" /var/log/audit/*
/var/log/audit/audit.log root
If the audit log files are owned by a group other than "root", this is a finding.</RawString>
</Rule>
<Rule id="V-219231" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100689</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log directory has a mode of "0750" or less permissive.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the directory has a mode of "0750" or less by using the following command:
# sudo stat -c "%n %a" /var/log/audit
/var/log/audit 750
If the audit log directory has a mode more permissive than "0750", this is a finding.</RawString>
</Rule>
<Rule id="V-219232" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100691</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log directory is owned by "root" account.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the directory is owned by the "root" user by using the following command:
# sudo stat -c "%n %U" /var/log/audit
/var/log/audit root
If the audit log directory is owned by an user other than "root", this is a finding.</RawString>
</Rule>
<Rule id="V-219233" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
<Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100693</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the audit log directory is owned by "root" group.
First determine where the audit logs are stored with the following command:
# sudo grep -iw log_file /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
Using the path of the directory containing the audit logs, check if the directory is owned by the "root" group by using the following command:
# sudo stat -c "%n %G" /var/log/audit
/var/log/audit root
If the audit log directory is owned by a group other than "root", this is a finding.</RawString>
</Rule>
<Rule id="V-219234" severity="medium" conversionstatus="pass" title="SRG-OS-000063-GPOS-00032" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@ -1506,30 +1555,6 @@ Account expires : Aug 07, 2019
Verify each of these accounts has an expiration date set within 72 hours of accounts' creation.
If any temporary account does not expire within 72 hours of that account's creation, this is a finding.</RawString>
</Rule>
<Rule id="V-219330" severity="medium" conversionstatus="pass" title="SRG-OS-000142-GPOS-00071" dscresource="None">
<Description>&lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.
Managing excess capacity ensures that sufficient capacity is available to counter flooding attacks. Employing increased capacity and service redundancy may reduce the susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100883</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify the Ubuntu operating system is configured to use TCP syncookies.
Check the value of TCP syncookies with the following command:
# sysctl net.ipv4.tcp_syncookies
net.ipv4.tcp_syncookies = 1
If the value is not "1", this is a finding.
Check the saved value of TCP syncookies with the following command:
# sudo grep -i net.ipv4.tcp_syncookies /etc/sysctl.conf /etc/sysctl.d/* | grep -v '#'
If no output is returned, this is a finding.</RawString>
</Rule>
<Rule id="V-219332" severity="low" conversionstatus="pass" title="SRG-OS-000356-GPOS-00144" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events.
@ -2046,6 +2071,37 @@ Check that APT is configured to remove all software components after updating wi
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
If the "::Remove-Unused-Dependencies" and "::Remove-Unused-Kernel-Packages" parameters are not set to "true", or are missing, or are commented out, this is a finding.
</RawString>
</Rule>
<Rule id="V-219162" severity="low" conversionstatus="pass" title="SRG-OS-000342-GPOS-00133" dscresource="None">
<ContainsLine>active = yes</ContainsLine>
<Description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
Off-loading is a common process in information systems with limited audit storage capacity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DoesNotContainPattern>\s*active\s*=\s*no|active=yes|#\s*active\s*=.*</DoesNotContainPattern>
<DuplicateOf>V-219153.b</DuplicateOf>
<FilePath>/etc/audisp/plugins.d/au-remote.conf</FilePath>
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100551</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString>
</OrganizationValueTestString>
<RawString>Verify the audit event multiplexor is configured to off-load audit records to a different system or storage media from the system being audited.
Check that audisp-remote plugin is installed:
# sudo dpkg -s audispd-plugins
If status is "not installed", verify that another method to off-load audit logs has been implemented.
Check that the records are being off-loaded to a remote server with the following command:
# sudo grep -i active /etc/audisp/plugins.d/au-remote.conf
active = yes
If "active" is not set to "yes", or the line is commented out, ask the System Administrator to indicate how the audit logs are off-loaded to a different system or storage media.
If there is no evidence that the system is configured to off-load audit logs to a different system or storage media, this is a finding.</RawString>
</Rule>
<Rule id="V-219167.a" severity="medium" conversionstatus="pass" title="SRG-OS-000024-GPOS-00007" dscresource="nxFileLine">
<ContainsLine>[org/gnome/login-screen]</ContainsLine>
@ -2176,7 +2232,7 @@ If the banner text does not match the Standard Mandatory DoD Notice and Consent
<Rule id="V-219170.b" severity="medium" conversionstatus="pass" title="SRG-OS-000228-GPOS-00088" dscresource="nxFileLine">
<ContainsLine>You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
@ -2208,7 +2264,7 @@ By using this IS (which includes any device attached to this IS), you consent to
-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
Satisfies: SRG-OS-000228-GPOS-00088, SRG-OS-000023-GPOS-00006&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DoesNotContainPattern>#\s*You\s*are\s*accessing\s*a\s*U.S.\s*Government\s*(USG)\s*Information\s*System\s*(IS)\s*that\s*is\s*provided\s*for\s*USG-authorized\s*use\s*only.\s*By\s*using\s*this\s*IS\s*(which\s*includes\s*any\s*device\s*attached\s*to\s*this\s*IS),\s*you\s*consent\s*to\s*the\s*following\s*conditions.\s*-The\s*USG\s*routinely\s*intercepts\s*and\s*monitors\s*communications\s*on\s*this\s*IS\s*for\s*purposes\s*including,\s*but\s*not\s*limited\s*to,\s*penetration\s*testing,\s*COMSEC\s*monitoring,\s*network\s*operations\s*and\s*defense,\s*personnel\s*misconduct\s*(PM),\s*law\s*enforcement\s*(LE),\s*and\s*counterintelligence\s*(CI)\s*investigations.\s*-At\s*any\s*time,\s*the\s*USG\s*may\s*inspect\s*and\s*seize\s*data\s*stored\s*on\s*this\s*IS.\s*-Communications\s*using,\s*or\s*data\s*stored\s*on,\s*this\s*IS\s*are\s*not\s*private,\s*are\s*subject\s*to\s*routine\s*monitoring,\s*interception,\s*and\s*search,\s*and\s*may\s*be\s*disclosed\s*or\s*used\s*for\s*any\s*USG-authorized\s*purpose.\s*-This\s*IS\s*includes\s*security\s*measures\s*(e.g.,\s*authentication\s*and\s*access\s*controls)\s*to\s*protect\s*USG\s*interests--not\s*for\s*your\s*personal\s*benefit\s*or\s*privacy.\s*-Notwithstanding\s*the\s*above,\s*using\s*this\s*IS\s*does\s*not\s*constitute\s*consent\s*to\s*PM,\s*LE\s*or\s*CI\s*investigative\s*searching\s*or\s*monitoring\s*of\s*the\s*content\s*of\s*privileged\s*communications,\s*or\s*work\s*product,\s*related\s*to\s*personal\s*representation\s*or\s*services\s*by\s*attorneys,\s*psychotherapists,\s*or\s*clergy,\s*and\s*their\s*assistants.\s*Such\s*communications\s*and\s*work\s*product\s*are\s*private\s*and\s*confidential.\s*See\s*User\s*Agreement\s*for\s*details.</DoesNotContainPattern>
<DoesNotContainPattern>#\s*You\s*are\s*accessing\s*a\s*U.S.\s*Government\s*(USG)\s*Information\s*System\s*(IS)\s*that\s*is\s*provided\s*for\s*USG-authorized\s*use\s*only.\s*By\s*using\s*this\s*IS\s*(which\s*includes\s*any\s*device\s*attached\s*to\s*this\s*IS),\s*you\s*consent\s*to\s*the\s*following\s*conditions:\s*-The\s*USG\s*routinely\s*intercepts\s*and\s*monitors\s*communications\s*on\s*this\s*IS\s*for\s*purposes\s*including,\s*but\s*not\s*limited\s*to,\s*penetration\s*testing,\s*COMSEC\s*monitoring,\s*network\s*operations\s*and\s*defense,\s*personnel\s*misconduct\s*(PM),\s*law\s*enforcement\s*(LE),\s*and\s*counterintelligence\s*(CI)\s*investigations.\s*-At\s*any\s*time,\s*the\s*USG\s*may\s*inspect\s*and\s*seize\s*data\s*stored\s*on\s*this\s*IS.\s*-Communications\s*using,\s*or\s*data\s*stored\s*on,\s*this\s*IS\s*are\s*not\s*private,\s*are\s*subject\s*to\s*routine\s*monitoring,\s*interception,\s*and\s*search,\s*and\s*may\s*be\s*disclosed\s*or\s*used\s*for\s*any\s*USG-authorized\s*purpose.\s*-This\s*IS\s*includes\s*security\s*measures\s*(e.g.,\s*authentication\s*and\s*access\s*controls)\s*to\s*protect\s*USG\s*interests--not\s*for\s*your\s*personal\s*benefit\s*or\s*privacy.\s*-Notwithstanding\s*the\s*above,\s*using\s*this\s*IS\s*does\s*not\s*constitute\s*consent\s*to\s*PM,\s*LE\s*or\s*CI\s*investigative\s*searching\s*or\s*monitoring\s*of\s*the\s*content\s*of\s*privileged\s*communications,\s*or\s*work\s*product,\s*related\s*to\s*personal\s*representation\s*or\s*services\s*by\s*attorneys,\s*psychotherapists,\s*or\s*clergy,\s*and\s*their\s*assistants.\s*Such\s*communications\s*and\s*work\s*product\s*are\s*private\s*and\s*confidential.\s*See\s*User\s*Agreement\s*for\s*details.</DoesNotContainPattern>
<DuplicateOf />
<FilePath>/etc/issue</FilePath>
<IsNullOrEmpty>False</IsNullOrEmpty>
@ -2217,7 +2273,7 @@ Satisfies: SRG-OS-000228-GPOS-00088, SRG-OS-000023-GPOS-00006&lt;/VulnDiscussion
<OrganizationValueTestString />
<RawString>You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
@ -4506,6 +4562,26 @@ X11UseLocalhost yes
If the "X11UseLocalhost" keyword is set to "no", is missing, or is commented out, this is a finding.</RawString>
</Rule>
<Rule id="V-255906" severity="medium" conversionstatus="pass" title="SRG-OS-000250-GPOS-00093" dscresource="nxFileLine">
<ContainsLine>KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256</ContainsLine>
<Description>&lt;VulnDiscussion&gt;Without cryptographic integrity protections provided by FIPS-validated cryptographic algorithms, information can be viewed and altered by unauthorized users without detection.
The system will attempt to use the first algorithm presented by the client that matches the server list. Listing the values "strongest to weakest" is a method to ensure the use of the strongest algorithm available to secure the SSH connection.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DoesNotContainPattern>#\s*KexAlgorithms\s*ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256</DoesNotContainPattern>
<DuplicateOf />
<FilePath>/etc/ssh/sshd_config</FilePath>
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>
</LegacyId>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Verify that the SSH server is configured to use only FIPS-validated key exchange algorithms:
$ sudo grep -i kexalgorithms /etc/ssh/sshd_config
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
If "KexAlgorithms" is not configured, is commented out, or does not contain only the algorithms "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" in exact order, this is a finding.</RawString>
</Rule>
</nxFileLineRule>
<nxFileRule dscresourcemodule="nx">
<Rule id="V-219303.a" severity="medium" conversionstatus="pass" title="SRG-OS-000029-GPOS-00010" dscresource="nxFile">
@ -4631,29 +4707,6 @@ If a privileged user were to log on using this service, the privileged user pass
# dpkg -l | grep rsh-server
If the rsh-server package is installed, this is a finding.</RawString>
</Rule>
<Rule id="V-219159" severity="medium" conversionstatus="pass" title="SRG-OS-000191-GPOS-00080" dscresource="nxPackage">
<Description>&lt;VulnDiscussion&gt;Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws.
To support this requirement, the Ubuntu operating system may have an integrated solution incorporating continuous scanning using HBSS and periodic scanning using other tools, as specified in the requirement.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
<DuplicateOf />
<Ensure>Present</Ensure>
<IsNullOrEmpty>False</IsNullOrEmpty>
<LegacyId>V-100545</LegacyId>
<Name>mfetp</Name>
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Check that the "mfetp" package has been installed:
# dpkg -l | grep mfetp
If the "mfetp" package is not installed, this is a finding.
Check that the daemon is running:
# /opt/McAfee/ens/tp/init/mfetpd-control.sh status
If the daemon is not running, this is a finding.</RawString>
</Rule>
<Rule id="V-219160.a" severity="medium" conversionstatus="pass" title="SRG-OS-000269-GPOS-00103" dscresource="nxPackage">
<Description>&lt;VulnDiscussion&gt;Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system.
@ -4990,14 +5043,17 @@ This requirement applies to the Ubuntu operating system performing security func
<RawString>Verify that Advanced Intrusion Detection Environment (AIDE) is installed and verifies the correct operation of all security functions.
Check that the AIDE package is installed with the following command:
# sudo dpkg -l | grep aide
aide/xenial,now 0.16~a2.git20130520-3 amd64 [installed]
$ sudo dpkg -l | grep aide
ii aide 0.16-3ubuntu0.1 amd64 Advanced Intrusion Detection Environment - static binary
If AIDE is not installed, ask the System Administrator how file integrity checks are performed on the system.
If there is no application installed to perform integrity checks, this is a finding.</RawString>
If there is no application installed to perform integrity checks, this is a finding.
If AIDE is installed, check if it has been initialized with the following command:
$ sudo aide.wrapper --check
If the output is "Couldn't open file /var/lib/aide/aide.db for reading", this is a finding.</RawString>
</Rule>
</nxPackageRule>
<nxServiceRule dscresourcemodule="nx">


@ -0,0 +1,95 @@
<!--
The organizational settings file is used to define the local organizations
preferred setting within an allowed range of the STIG.
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="1.1">
<!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
<OrganizationalSetting id="V-254248" ServiceName="" StartupType="" />
<!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
<OrganizationalSetting id="V-254265" ServiceName="" StartupType="" />
<!-- Ensure ''V-254343.b'' -match '1|3'-->
<OrganizationalSetting id="V-254343.b" ValueData="1" />
<!-- Ensure ''V-254344'' -match '1|3|8|ShouldBeAbsent'-->
<OrganizationalSetting id="V-254344" ValueData="8" />
<!-- Ensure ''V-254356'' -match '0|1'-->
<OrganizationalSetting id="V-254356" ValueData="1" />
<!-- Ensure ''V-254357'' -match '0|1|2|99|100'-->
<OrganizationalSetting id="V-254357" ValueData="100" />
<!-- Ensure ''V-254358'' -ge '32768'-->
<OrganizationalSetting id="V-254358" ValueData="32768" />
<!-- Ensure ''V-254359'' -ge '196608'-->
<OrganizationalSetting id="V-254359" ValueData="196608" />
<!-- Ensure ''V-254360'' -ge '32768'-->
<OrganizationalSetting id="V-254360" ValueData="32768" />
<!-- Ensure ''V-254387'' -le '600' -and ''V-254387'' -ne '0'-->
<OrganizationalSetting id="V-254387" PolicyValue="600" />
<!-- Ensure ''V-254388'' -le '10' -and ''V-254388'' -ne '0'-->
<OrganizationalSetting id="V-254388" PolicyValue="10" />
<!-- Ensure ''V-254389'' -le '7'-->
<OrganizationalSetting id="V-254389" PolicyValue="7" />
<!-- Ensure ''V-254390'' -le '5'-->
<OrganizationalSetting id="V-254390" PolicyValue="5" />
<!-- Ensure location for DoD Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254442.a" Location="" />
<!-- Ensure location for DoD Root CA 3 certificate is present-->
<OrganizationalSetting id="V-254442.b" Location="" />
<!-- Ensure location for DoD Root CA 4 certificate is present-->
<OrganizationalSetting id="V-254442.c" Location="" />
<!-- Ensure location for DoD Root CA 5 certificate is present-->
<OrganizationalSetting id="V-254442.d" Location="" />
<!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254443.a" Location="" />
<!-- Ensure location for DoD Interoperability Root CA 1 certificate is present-->
<OrganizationalSetting id="V-254443.b" Location="" />
<!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254444.a" Location="" />
<!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254444.b" Location="" />
<!-- Ensure ''V-254454'' -le '30' -and ''V-254454'' -gt '0'-->
<OrganizationalSetting id="V-254454" ValueData="30" />
<!-- Ensure ''V-254456'' -le '900' -and ''V-254456'' -gt '0'-->
<OrganizationalSetting id="V-254456" ValueData="900" />
<!-- Ensure 'V-254457' is set to the required legal notice before logon-->
<OrganizationalSetting id="V-254457" ValueData="You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." />
<!-- Ensure ''V-254458'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
<OrganizationalSetting id="V-254458" ValueData="DoD Notice and Consent Banner" />
<!-- Ensure ''V-254459'' -match '1|2'-->
<OrganizationalSetting id="V-254459" ValueData="1" />
<!-- Ensure ''V-254484'' -match '1|2'-->
<OrganizationalSetting id="V-254484" ValueData="1" />
<!-- Ensure ''V-254285'' -ge '15' -or ''V-254285'' -eq '0'-->
<OrganizationalSetting id="V-254285" PolicyValue="15" />
<!-- Ensure ''V-254286'' -le '3' -and ''V-254286'' -ne '0'-->
<OrganizationalSetting id="V-254286" PolicyValue="3" />
<!-- Ensure ''V-254287'' -ge '15'-->
<OrganizationalSetting id="V-254287" PolicyValue="15" />
<!-- Ensure ''V-254288'' -ge '24'-->
<OrganizationalSetting id="V-254288" PolicyValue="24" />
<!-- Ensure ''V-254289'' -le '60' -and ''V-254289'' -ne '0'-->
<OrganizationalSetting id="V-254289" PolicyValue="60" />
<!-- Ensure ''V-254290'' -ne '0'-->
<OrganizationalSetting id="V-254290" PolicyValue="1" />
<!-- Ensure ''V-254291'' -ge '14'-->
<OrganizationalSetting id="V-254291" PolicyValue="14" />
<!-- Ensure ''V-254447'' -ne 'Administrator'-->
<OrganizationalSetting id="V-254447" OptionValue="" />
<!-- Ensure ''V-254448'' -ne 'Guest'-->
<OrganizationalSetting id="V-254448" OptionValue="" />
<!-- Ensure ''V-254499'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
<OrganizationalSetting id="V-254499" Identity="Administrators" />
</OrganizationalSettings>
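Review bot: The range comments for V-254343.b, V-254344, V-254356, V-254357, V-254459 and V-254484 use unanchored alternations such as `-match '0|1|2|99|100'`, which PowerShell's `-match` evaluates as a substring test, so an organizational value like `1000` or `20` would satisfy the stated range. V-254458 and V-254499 in the same file are already anchored; the others should follow that form, for example `-match '^(0|1|2|99|100)$'` and `-match '^(1|3|8|ShouldBeAbsent)$'`. The second new settings file below repeats these comments and adds an unanchored list pattern for V-254435. If the comments are generated from the rule test strings (not visible here), the anchors belong in that source rather than in these files by hand.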


@ -0,0 +1,91 @@
<!--
The organizational settings file is used to define the local organizations
preferred setting within an allowed range of the STIG.
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="1.1">
<!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
<OrganizationalSetting id="V-254248" ServiceName="" StartupType="" />
<!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
<OrganizationalSetting id="V-254265" ServiceName="" StartupType="" />
<!-- Ensure ''V-254343.b'' -match '1|3'-->
<OrganizationalSetting id="V-254343.b" ValueData="1" />
<!-- Ensure ''V-254344'' -match '1|3|8|ShouldBeAbsent'-->
<OrganizationalSetting id="V-254344" ValueData="8" />
<!-- Ensure ''V-254356'' -match '0|1'-->
<OrganizationalSetting id="V-254356" ValueData="1" />
<!-- Ensure ''V-254357'' -match '0|1|2|99|100'-->
<OrganizationalSetting id="V-254357" ValueData="100" />
<!-- Ensure ''V-254358'' -ge '32768'-->
<OrganizationalSetting id="V-254358" ValueData="32768" />
<!-- Ensure ''V-254359'' -ge '196608'-->
<OrganizationalSetting id="V-254359" ValueData="196608" />
<!-- Ensure ''V-254360'' -ge '32768'-->
<OrganizationalSetting id="V-254360" ValueData="32768" />
<!-- Ensure ''V-254432'' -le '4'-->
<OrganizationalSetting id="V-254432" ValueData="4" />
<!-- Ensure location for DoD Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254442.a" Location="" />
<!-- Ensure location for DoD Root CA 3 certificate is present-->
<OrganizationalSetting id="V-254442.b" Location="" />
<!-- Ensure location for DoD Root CA 4 certificate is present-->
<OrganizationalSetting id="V-254442.c" Location="" />
<!-- Ensure location for DoD Root CA 5 certificate is present-->
<OrganizationalSetting id="V-254442.d" Location="" />
<!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254443.a" Location="" />
<!-- Ensure location for DoD Interoperability Root CA 1 certificate is present-->
<OrganizationalSetting id="V-254443.b" Location="" />
<!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254444.a" Location="" />
<!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
<OrganizationalSetting id="V-254444.b" Location="" />
<!-- Ensure ''V-254454'' -le '30' -and ''V-254454'' -gt '0'-->
<OrganizationalSetting id="V-254454" ValueData="30" />
<!-- Ensure ''V-254456'' -le '900' -and ''V-254456'' -gt '0'-->
<OrganizationalSetting id="V-254456" ValueData="900" />
<!-- Ensure 'V-254457' is set to the required legal notice before logon-->
<OrganizationalSetting id="V-254457" ValueData="You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." />
<!-- Ensure ''V-254458'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
<OrganizationalSetting id="V-254458" ValueData="DoD Notice and Consent Banner" />
<!-- Ensure ''V-254459'' -match '1|2'-->
<OrganizationalSetting id="V-254459" ValueData="1" />
<!-- Ensure ''V-254484'' -match '1|2'-->
<OrganizationalSetting id="V-254484" ValueData="1" />
<!-- Ensure ''V-254285'' -ge '15' -or ''V-254285'' -eq '0'-->
<OrganizationalSetting id="V-254285" PolicyValue="15" />
<!-- Ensure ''V-254286'' -le '3' -and ''V-254286'' -ne '0'-->
<OrganizationalSetting id="V-254286" PolicyValue="3" />
<!-- Ensure ''V-254287'' -ge '15'-->
<OrganizationalSetting id="V-254287" PolicyValue="15" />
<!-- Ensure ''V-254288'' -ge '24'-->
<OrganizationalSetting id="V-254288" PolicyValue="24" />
<!-- Ensure ''V-254289'' -le '60' -and ''V-254289'' -ne '0'-->
<OrganizationalSetting id="V-254289" PolicyValue="60" />
<!-- Ensure ''V-254290'' -ne '0'-->
<OrganizationalSetting id="V-254290" PolicyValue="1" />
<!-- Ensure ''V-254291'' -ge '14'-->
<OrganizationalSetting id="V-254291" PolicyValue="14" />
<!-- Ensure ''V-254435'' -match 'Enterprise Admins,Domain Admins,(Local account and member of Administrators group|Local account),Guests'-->
<OrganizationalSetting id="V-254435" Identity="Enterprise Admins,Domain Admins,Local account and member of Administrators group,Guests" />
<!-- Ensure ''V-254447'' -ne 'Administrator'-->
<OrganizationalSetting id="V-254447" OptionValue="" />
<!-- Ensure ''V-254448'' -ne 'Guest'-->
<OrganizationalSetting id="V-254448" OptionValue="" />
<!-- Ensure ''V-254499'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
<OrganizationalSetting id="V-254499" Identity="Administrators" />
</OrganizationalSettings>
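Review bot: The comments for V-254444.a and V-254444.b are identical, both reading "US DoD CCEB Interoperability Root CA 2", so an administrator filling in the two empty `Location` values cannot tell which certificate each entry expects. The V-254442 and V-254443 entries name a distinct certificate per sub-rule, and the two V-254444 comments should do the same, for instance by carrying the distinguishing certificate detail from the STIG check text, which is not visible in this section. The same pair of comments appears in the previous settings file, so both need the correction.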
