Merge remote-tracking branch 'origin/4.16.0' into dev

CHANGELOG.md

@@ -2,6 +2,17 @@
 
 ## [Unreleased]
 
+## [4.16.0] - 2023-03-16
+
+* Update PowerSTIG to Parse/Apply Red Hat Enterprise Linux 7 STIG V3R10: [#1193](https://github.com/microsoft/PowerStig/issues/1193)
+* Update PowerSTIG to Parse/Apply CAN_Ubuntu_18-04_LTS_V2R10_STIG: [#1191](https://github.com/microsoft/PowerStig/issues/1191)
+* Update PowerSTIG to Parse/Apply Microsoft IIS 10.0 STIG V2R8: [#1196](https://github.com/microsoft/PowerStig/issues/1196)
+* Update PowerSTIG to Parse/Apply Google Chrome V2R8 [#1192](https://github.com/microsoft/PowerStig/issues/1192)
+* Update PowerSTIG to Parse/Apply Microsoft IIS 8.5 Site V2R7 & Server STIG V2R5 [#1195](https://github.com/microsoft/PowerStig/issues/1195)
+* Update PowerSTIG to Parse/Apply Microsoft Office 365 ProPlus V2R8 #1194: [#1194](https://github.com/microsoft/PowerStig/issues/1194)
+* Update PowerSTIG to Parse/Apply Microsoft Windows Server 2022 V1R1 STIG - Ver 1, Rel 1: [#1190](https://github.com/microsoft/PowerStig/issues/1190)
+* Update Readme to reflect all covered technologies [#1184](https://github.com/microsoft/PowerStig/issues/1184)
+
 ## [4.15.0] - 2022-12-29
 
 * Update PowerSTIG to Parse/Apply Canonical Ubuntu 18.04 LTS STIG - Ver 2, Rel 9: [#1164](https://github.com/microsoft/PowerStig/issues/1164)

FILEHASH.md

@@ -1,156 +1,160 @@
-# PowerSTIG File Hashes : Module Version 4.15.0
+# PowerSTIG File Hashes : Module Version 4.16.0
 
 Hashes for **PowerSTIG** files are listed in the following table:
 
 | File | SHA256 Hash | Size (bytes) |
 | :---- | ---- | ---: |
-| Adobe-AcrobatPro-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
-| Adobe-AcrobatPro-2.1.xml | 04AB72A08B8BEAD381DE0AB0BE5AD762D1ECE5428139A7A6CE2ABD2CC8B6118B | 54113 |
-| Adobe-AcrobatReader-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 |
-| Adobe-AcrobatReader-1.6.xml | 0FEFDC7088E15320B2E94D52A718512DB3B677FB37D2AD0B00AE40E2CE89ADC1 | 54786 |
-| Adobe-AcrobatReader-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
-| Adobe-AcrobatReader-2.1.xml | D4EB78A7A898274EA19F9067236068E267387E853D4877C12E944ADD9778750F | 55467 |
-| DotNetFramework-4-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
-| DotNetFramework-4-2.1.xml | 4D6A3404C39C2846B686E97D66B78F9B1D1F921520CF1A276CF3CE39FD1F2938 | 57332 |
-| DotNetFramework-4-2.2.org.default.xml | 4A5C75A3C0B8E0252DBFDF39D2B68C4172CD36DD8C167575070005A4AE65DA1B | 297 |
-| DotNetFramework-4-2.2.xml | 8E4AB02FE2C34C76FA578CADC767F323E714C9B8DAF6373E922EDC2B93A89D6D | 57276 |
-| FireFox-All-5.1.org.default.xml | E7C6EC873CBA03D49FAC68B22CD558C1D0108B32D441BEF3C5BD48EB3B95B911 | 297 |
-| FireFox-All-5.1.xml | B285EFC9F6A51899D65DC601ACF60A351C087A9C1E6C58F8E499B86BC92F599F | 46615 |
-| FireFox-All-5.2.org.default.xml | 9B72F155F7A22AEF2201C6CE20EC05E50FEF8B9EF8DA02AB5EDF920A16B18CC2 | 297 |
-| FireFox-All-5.2.xml | D19F32C9F4AA0DD54C38CAF228CF4CC1C2C5E0CD2C5EA8C726768A0DCD8B3D44 | 46744 |
-| Google-Chrome-2.6.org.default.xml | 7C81D2916C14787A5B0009A1E9CE9C41FF5E33235B35BDDE4467104F79082215 | 990 |
-| Google-Chrome-2.6.xml | 113ACBBA58E7578BC2B550DFAF4256E0B56C441AC8CD5DC80F6C63CD36C5668F | 93353 |
-| Google-Chrome-2.7.org.default.xml | 9B1559EAC6822D505F9BCA3C91570DA4818E3D5ACC6B836E774F2CBD621EB598 | 990 |
-| Google-Chrome-2.7.xml | EFB0D58A0B2B66020695A79396039A7D93848C13F65648D3079A47749CEAC715 | 93355 |
-| IISServer-10.0-2.6.org.default.xml | 95A59D5BB86845326537CC9A82DBB798BFEC89508560D1E34449310A03210AA4 | 752 |
-| IISServer-10.0-2.6.xml | C03F56D30CFBA90C6AFAD08CB088A0D968D9DA6EB658A1A4A1243E4E2D348896 | 136405 |
-| IISServer-10.0-2.7.org.default.xml | F145355FD8DD5CBFE84E3FC76A69E4AF046D2CCCE04F498704F928503F5F5C85 | 739 |
-| IISServer-10.0-2.7.xml | 8102C44BE74D7BC1214603BC77B49890E21E3DB7EB4BEA2652817A6EEEAB218A | 135599 |
-| IISServer-8.5-2.3.org.default.xml | 5214CE6723F1FDC543275D4C6D626F9C36428CDBEBCF3952F5DDECC9EF052EC5 | 739 |
-| IISServer-8.5-2.3.xml | F31E4A7F05EB5D84260F1ED9272254D68170C6E538EEA922C57F44E2D8A98ED5 | 131783 |
+| Adobe-AcrobatPro-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
+| Adobe-AcrobatPro-2.1.xml | 014A3C048B3C3CF43597155E564EDB802182C3C14E4BE68DEF85B148071FD320 | 54732 |
+| Adobe-AcrobatReader-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 |
+| Adobe-AcrobatReader-1.6.xml | E5661CDA5DC7B532EED196E7864F70DE96144E010EC6DB5A3ABA921DBC359664 | 55466 |
+| Adobe-AcrobatReader-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
+| Adobe-AcrobatReader-2.1.xml | 9D48DF1B16B1D22B60CA4AA59B898421119E88CE0A24BB170D8FBAC1C4DD7573 | 56174 |
+| DotNetFramework-4-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
+| DotNetFramework-4-2.1.xml | D5DE0BFBE10D48D9EB1D7EDBAD55BAB654D6E7D44AC7BDFF6AA33AFB428CCD29 | 57984 |
+| DotNetFramework-4-2.2.org.default.xml | 7A8F784B74E6FA1575783B1849B258F4DD6B7CD87B165802CCA6A16839CCA5AD | 305 |
+| DotNetFramework-4-2.2.xml | 294B45354DCFFAF12E1B859C64BEB70C27DB3942E32908DF8F259EA0B6503728 | 57926 |
+| FireFox-All-5.1.org.default.xml | C945966A44DEE00C73906437983A9BE413F6012F7E796F127545317096170D61 | 305 |
+| FireFox-All-5.1.xml | 7221F60B2D2AF30F506229A4A4429F3D1BEFBE07122CA61132407F35AB0BBC7E | 47024 |
+| FireFox-All-5.2.org.default.xml | 246A15D8F07D6ABC702CEA0C105CA89F93F36BDB8702C8FF81D960BEB66B9759 | 305 |
+| FireFox-All-5.2.xml | C7A987AADBF8B82CF2C200D7412C09D2C3ED4798B1F4E3F5F99DB627155BC909 | 47155 |
+| Google-Chrome-2.7.org.default.xml | 2C72514682BD1028908E63B2F5BAC8A72D5CC35CD1C402BA48EDFC4C5545BD1C | 1009 |
+| Google-Chrome-2.7.xml | 9F538B3A661952B4FB4AA38F7CBFEDFB8157B843A2F7046CEB918243FB751363 | 94337 |
+| Google-Chrome-2.8.org.default.xml | FE3FC2904EF4CC4D17D6911070C5B6C2CE86F279E7EE7487A2DA7F83F83066D0 | 1009 |
+| Google-Chrome-2.8.xml | 09AC14A7D31C20FC91E6DD7406CF22A775CA596AE2DF850A963C915DF483C9BC | 94052 |
+| IISServer-10.0-2.7.org.default.xml | ECA311FFECCBCEADB27A2F7CF1FD88C489EDF98206D65C755FBD794437E4852A | 752 |
+| IISServer-10.0-2.7.xml | B8757CCF4C8AA892346C70DD8312C3059ACEDDA0A730D0D7FAC190796EBCBE17 | 137334 |
+| IISServer-10.0-2.8.org.default.xml | 8482D17674D96660A2E213FDDC2A93552E81C3A4D96A43F8BC6DF08342E388C9 | 752 |
+| IISServer-10.0-2.8.xml | BE89F02F51BCEC375D64FA0CC94990E4CC501B8B640A761FB2B35D7C985C77B4 | 137396 |
 | IISServer-8.5-2.4.org.default.xml | 8034D2946139C2F0A6C93192F60CCE03C7DBEBEBDFA1F2C1FB01BE9597D873BB | 752 |
 | IISServer-8.5-2.4.xml | 081C0F929BF700DD594719DE11E343660DFB906716916DFB28BCDA4F41896685 | 132589 |
+| IISServer-8.5-2.5.org.default.xml | 956622CF2F23549C3AA1660AAC823D5EF0DD73A9C193303D142FD168D4CBDEE5 | 752 |
+| IISServer-8.5-2.5.xml | 0F8D082DB66148BE08F530F523B7B2B55124F57ACF5EEB05D699151F07B71B1B | 133450 |
 | IISSite-10.0-2.6.org.default.xml | 1C1E203AB4D6971068E09CBEB35C9C39BCA13B271C9EFE4FB95BBB9DC2957F91 | 1413 |
 | IISSite-10.0-2.6.xml | 4FA0844B38F05E4BCDE6B4D01CF3A3C08DBDFDF78A33B4EED2432EE8F06F577B | 113306 |
-| IISSite-10.0-2.7.org.default.xml | 66043BE739DA43C4D041D790961D28396707A71FC0EC7DC1C2C53112AF96F13B | 1388 |
-| IISSite-10.0-2.7.xml | C60114335C33CF0A6AD3C11B837428FE920E528F0AC79AA08A608B2D6F2AA925 | 110678 |
-| IISSite-8.5-2.5.org.default.xml | 1CC2FC4D560DC20509DD735506D3A05CD7013F052BA118D250A5437BAF1A9D4B | 1882 |
-| IISSite-8.5-2.5.xml | 6C107E0B975115D4C32A7EE327ECE07A7BB52118F4BB063A3C0FF7C0D98B071D | 124809 |
+| IISSite-10.0-2.7.org.default.xml | 0DB0FE0B6B2796ED6555C4029D8571135C55E31DB080B5351C97931EF4338EA8 | 1413 |
+| IISSite-10.0-2.7.xml | A84303C30AB3BAA48CAC47B5014BB714704B1D0B480F651FC4832E14B9DF2581 | 112015 |
 | IISSite-8.5-2.6.org.default.xml | 79EF409B1998296B7187B4F9DC0DC680E7E903C4F5C6DACBA55DD7CBF65ED6AE | 1819 |
 | IISSite-8.5-2.6.xml | 6FD8BBD8AC83EE0C14C5D64ED57D00FDCA692C9523F4D5DB7DF02191A90DF5AA | 122787 |
-| InternetExplorer-11-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
-| InternetExplorer-11-2.1.xml | 8E0E2B418E99BA217D9E0A4060D62FCCF053F6E6A1C5B5EB8ABDE6477A75C2DF | 329761 |
+| IISSite-8.5-2.7.org.default.xml | 41C5060A27C20B65330926366D4EDFF5C7108538BE6F9C314F35F991B2B939DF | 1819 |
+| IISSite-8.5-2.7.xml | 95A8C6FB824718CC9A13F3AF24781DAAEBC802DE2E677BC000E3A3EC817AED24 | 123589 |
+| InternetExplorer-11-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
+| InternetExplorer-11-2.1.xml | 1CDBB4ADA92FFB610BBD57F05D7055FC108CBBCA7770473907E8024C5637234B | 331854 |
 | InternetExplorer-11-2.2.org.default.xml | CFAFCD73ED15B911604867FF6423AB21CF6F66976DA781D58C2FFC7FCA70CF60 | 299 |
 | InternetExplorer-11-2.2.xml | D1C082EEB7B774413BCDE4BA7293FEAAD291F53A5FBDBB2E649F25E8ED61150E | 334340 |
-| McAfee-8.8-VirusScan-5.16.org.default.xml | 0122D7BC3AB85E7EEC2C8A989687541AEB6A7DCC025692894EB208B9ED5EDF2B | 760 |
-| McAfee-8.8-VirusScan-5.16.xml | 5A2E6A31CA07BF76F6F3A7F77D3FC1A180128D390C70F4ECFFFA3F9B19408625 | 241862 |
+| McAfee-8.8-VirusScan-5.16.org.default.xml | 28792D63E69F797CA02CCAE52F537B1001D9069BD7DE4F5A73375424C19FE660 | 777 |
+| McAfee-8.8-VirusScan-5.16.xml | 22CAEE788CA69690819D46548D19E40163FD8EB799F8EC7FAA4E5FB714C4F445 | 244268 |
 | MS-Edge-1.5.org.default.xml | 562551BABBA8AB74289B0FF4E7C88914ED7B771D35D4FADC33305459C7C11B3C | 1057 |
 | MS-Edge-1.5.xml | AF60D4691669E4A78E7BD907D32AF6FE6168EFEC8773DC71728EBDE4DA05EB9D | 115218 |
-| MS-Edge-1.6.org.default.xml | E191F7717B75893560A6CB4C9293CA84BD279116730C6790733AD90DCA452A13 | 1040 |
-| MS-Edge-1.6.xml | 8F2B0A0066454392D766F3FB12A99880BE64967AD8A412B3E4A0169B168F662C | 114286 |
-| Office-365ProPlus-2.6.org.default.xml | 630EF8AE632A67453ACF1983C01460CFAA8140E034F121B8DD9CC2AD828D8AFA | 2401 |
-| Office-365ProPlus-2.6.xml | 9EECC40ACC3387E33CE35251763D47FEF89D15F9594684857A0FA09BEF3A0A8A | 372098 |
-| Office-365ProPlus-2.7.org.default.xml | 76C543682926BE1640EF623637BB9C8CB08A72CFFEF19A7C527E9502F710257A | 2397 |
-| Office-365ProPlus-2.7.xml | C11EAD7FE98355F91A9569561893771D2A8837D0CF44017AB41910EBFB1DCB00 | 372099 |
-| Office-Excel2013-1.7.org.default.xml | 7112F164172614EEB9F470466C91609C1AA0EA8AD13F2A1A5AB0147FB0F8E790 | 418 |
-| Office-Excel2013-1.7.xml | 7F3C9FDDA62BD48C271890C2150381BD40A3E40254D5ED8702BA612F52B9863C | 109725 |
-| Office-Excel2016-1.2.org.default.xml | C7D6B6B2EFE31CCDBC9A072AEC52E17D5F9C7C52F326CF480E4B0BBCBEBBE779 | 517 |
-| Office-Excel2016-1.2.xml | C1EEAE1896224260C7EEB48EFEF773D3ECE42F1BD799CB1D4E923CC299CAF812 | 107254 |
-| Office-Outlook2013-1.12.org.default.xml | 6DE2F8E0E9DF57570762FBB22BAF17F389C74DF88E8737D9463DA7491C2DE862 | 298 |
-| Office-Outlook2013-1.12.xml | DCD510AFDC92DD03136480DA09353C4919E01438118D6D0FE9232CE933E7E4EE | 192069 |
-| Office-Outlook2013-1.13.org.default.xml | E0AABF9650DB6A37E05A15A6B943C7B05AA31B2581506380188172B171BA2339 | 450 |
-| Office-Outlook2013-1.13.xml | E7020C1084BD4090C8BB50BE8DFC0B865C3698CBF1802C0D1F7E01EF261437E1 | 192186 |
-| Office-Outlook2016-2.2.org.default.xml | 4A5C75A3C0B8E0252DBFDF39D2B68C4172CD36DD8C167575070005A4AE65DA1B | 297 |
-| Office-Outlook2016-2.2.xml | 509C5F1A353E9B18F5AF2EFE11D4389D47A89581676CC8BC3F71BBB9FDD4FD5F | 149729 |
-| Office-Outlook2016-2.3.org.default.xml | 985584822EF58BCE107E522081D8FB5EA24CC74856040D93EC88252958F12EDA | 297 |
-| Office-Outlook2016-2.3.xml | 52CC95E49055AE1DC22B2643868F38093979D9F925399DDB3EA9F7692F606C9B | 149853 |
-| Office-PowerPoint2013-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 |
-| Office-PowerPoint2013-1.6.xml | F58B0231BCF94AF8E0808FEFE48CFC00E4F1F0636E73ED7E974ECAEB1F5A46AA | 93353 |
-| Office-PowerPoint2016-1.1.org.default.xml | 440A06FFB09F4FECB3546372E20FDB16C30F84B55F41EA5DA1AC891491E11F4C | 420 |
-| Office-PowerPoint2016-1.1.xml | CEAF4E6451621201D948A61DBFE57C303AA2F025CD0035374F2B24C68D9ADBCB | 90836 |
-| Office-Publisher2016-1.3.org.default.xml | 6E4C29EB64180DC23653B089C5734F0E4D493FE896DD0A2F4FCAFDC6407DD6AE | 422 |
+| MS-Edge-1.6.org.default.xml | 97393C5F48012A8890502024D487EF0DE2D67DE47B3EC5FD186352D08B233390 | 1057 |
+| MS-Edge-1.6.xml | A292381A242DA221D31BEAB2A3398E3599187B9E80C8DCDA92FB48EED9F9AF73 | 115719 |
+| Office-365ProPlus-2.7.org.default.xml | 43C03EA6FECC580FA689DBF77CC9E860D18C7ACF75A8A34B006A3699B8697AFB | 2448 |
+| Office-365ProPlus-2.7.xml | CC7BC37FEEF400CA37A3C7D83EEB77D51852FAF00ED47F9D3F0E0E2515B81140 | 375810 |
+| Office-365ProPlus-2.8.org.default.xml | 1E07FF9CBB7524B55843474F1BC04D9C2CAA1111F29EB9965F6AA2137EB26385 | 2450 |
+| Office-365ProPlus-2.8.xml | D7CB2059E061425C28777F8953976C16897A6F813898AB46FA99EDED997F434E | 375774 |
+| Office-Excel2013-1.7.org.default.xml | 6A8FBC7AD79015A5261C617A2EFC0084E58BCAFAAD3FA2B8E61BC01A860C102C | 429 |
+| Office-Excel2013-1.7.xml | E99C7824EB50B0727D7834F8D68FA6840BE8F69921DA49525C3B2921B9AD5A3B | 110738 |
+| Office-Excel2016-1.2.org.default.xml | EE134DCD15DEFBD412AF18477F75248DE83A705E10CA061776F2AE74884749E3 | 530 |
+| Office-Excel2016-1.2.xml | 5685CF03939CA92E8F4C854095344EA88B613E3CC1AB581E3DA4F70D70E69B77 | 108096 |
+| Office-Outlook2013-1.12.org.default.xml | 6691883C5ACE1CBF9ACAFC536E0E335620A9A1B158B75EAB7FE2E661C7C31A63 | 306 |
+| Office-Outlook2013-1.12.xml | DBF4FF03D3214F753B76C5ADFE0FEFB228E87EFD767BBDF1D3847080D67CF3D4 | 193739 |
+| Office-Outlook2013-1.13.org.default.xml | 624856564A2FB618BDF6A41263806BC2BE08B1AE58226425C07EFBADDC98FAF5 | 461 |
+| Office-Outlook2013-1.13.xml | 3446E121027400CE6C4834E4507EA94B5CFD24F65CFA4D5F0524873D32B07D8A | 193858 |
+| Office-Outlook2016-2.2.org.default.xml | 7A8F784B74E6FA1575783B1849B258F4DD6B7CD87B165802CCA6A16839CCA5AD | 305 |
+| Office-Outlook2016-2.2.xml | 9246147D3FA9E79A70F7024A3AC38FF526341B84CECD6F7175958A69D83B89DD | 151022 |
+| Office-Outlook2016-2.3.org.default.xml | 65560374E19492C3BBA42CC0A40AFC2F74C82AD01977E5061F41A4BCEDC2BF8E | 305 |
+| Office-Outlook2016-2.3.xml | ABF1B429B65076A3C44984451975C4FB264F2721CD47244F8C900290DB2011B0 | 151146 |
+| Office-PowerPoint2013-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 |
+| Office-PowerPoint2013-1.6.xml | 563E20C0149E0CB20880EB777439A7B67C4FE1BBF4347EA7677048E6DD2D2EAA | 94142 |
+| Office-PowerPoint2016-1.1.org.default.xml | 3FEE8C811ED3DB6986E24ABF9BBA833975A908C82EFAECC2E91755E10D02C30C | 431 |
+| Office-PowerPoint2016-1.1.xml | 8F17DC18B9997782E98DACA5044ACB1E63B178A80240AE130D0AC7F64B703531 | 91626 |
+| Office-Publisher2016-1.3.org.default.xml | 87A4435821A71C1861AC3F9103E35FDE176D42FCE97880B4B26439CF49F58C0E | 433 |
 | Office-Publisher2016-1.3.xml | 89F37914B868D581E4253D8ED819544B61C5D5D750A6F09598FBCAFB41E618E3 | 37769 |
-| Office-System2013-1.9.org.default.xml | 4036D829A31308CD45CC8B5A76A9A84612F2593B7700190B5FF1B08EFBF089EF | 852 |
-| Office-System2013-1.9.xml | 96E75BC4A4922BB6D57BE63701AC030EC055AB1D660A8F45D3668E6B0A798959 | 121552 |
-| Office-System2013-2.1.org.default.xml | 5062DB411E0A0E8F42774CA34BB51D8DDCFCE5C5CA316E354520DE4D7C3D8B20 | 856 |
-| Office-System2013-2.1.xml | 89EEA327D7A227B42B981B5A8EA8D80A4E2E7D18F8C40B03C048B09CDEE1F397 | 116188 |
-| Office-System2016-2.1.org.default.xml | F0B2B9A0106BD445822FD658B135BB5BC1A2AB7DF20F3AFCC726917F25E853CF | 297 |
-| Office-System2016-2.1.xml | 9EDFB96DA919A0B9A002F01576949275A3A6D6FC68E25B62729FFCC30C0AD357 | 64487 |
-| Office-System2016-2.2.org.default.xml | 4A5C75A3C0B8E0252DBFDF39D2B68C4172CD36DD8C167575070005A4AE65DA1B | 297 |
-| Office-System2016-2.2.xml | 4B2AF660B2CECFDFD5113710652DE5A3A41DBF6C6E5ACF88C488C35C6DBD1962 | 64776 |
-| Office-Visio2013-1.4.org.default.xml | 955053441F378268498E15AC859046B2E2805E405AC294DDD8C6493A3FD2CC64 | 297 |
-| Office-Visio2013-1.4.xml | A1CFAABF789BD8C3958D35415F23B5B192F028CA98EDD391ECCEE85D87B6543F | 30039 |
-| Office-Word2013-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 |
-| Office-Word2013-1.6.xml | C6D5620E7977EDA5B59134D0DABFA42AA4AC6C87EFB3FFF6502CE615DF157285 | 80779 |
-| Office-Word2016-1.1.org.default.xml | 724DB22065C11F47D376186EB1A5F959C9721A47A3A2E00F125DFB36BBD96EBD | 420 |
-| Office-Word2016-1.1.xml | CF23511AE9EF837FE49B19F0888F2CC38D1D4E3BF1F054EA35903732A6781858 | 87615 |
-| OracleJRE-8-1.5.org.default.xml | C832884FF191F9D9AD20652CBE1D9C68BE15C2DD9B57CF15B8F85EB1F770BBEF | 491 |
-| OracleJRE-8-1.5.xml | E61F226FA4BC02C4225A3399E4543A3E83DA51F8F813650E246F6472ACFE3982 | 44880 |
-| OracleJRE-8-2.1.org.default.xml | 3DC5157025F594B12BD2E1F5FC7B76818897F5C69555E8396DC8AACB986C8644 | 492 |
-| OracleJRE-8-2.1.xml | B76FEF48981D375C0F604D586D98622D05D8121AAB81A8BB06298BE650FB8DCE | 45903 |
-| RHEL-7-3.8.org.default.xml | 2E74668308150FE9E2F8E817899E5D498E32327AF59E0AB5F3BE607864AD47C8 | 6589 |
-| RHEL-7-3.8.xml | 19A0CF80DC537555C3F568DDBA0575AEE4FE785630A8A59BCD9988774CD31AE9 | 583777 |
-| RHEL-7-3.9.org.default.xml | A4D0A233417A210F173ECF0B20935162045B9E3B67BDB24EC1D39DF826424F16 | 7417 |
+| Office-System2013-1.9.org.default.xml | 45055F756C705090A9F8D6470EF55C2FC8838EA00B2103E372E22B948A06DF63 | 869 |
+| Office-System2013-1.9.xml | 346A48CA6FD98889F0E60928AA0E87E138CF4E8A45E1BDB82BB04005428638C5 | 122545 |
+| Office-System2013-2.1.org.default.xml | 96C2EFAF8780965F18914EB31F6C869AF63ADDB780CB3EA537626BA7DA2B7358 | 873 |
+| Office-System2013-2.1.xml | 40657EF393151DFE4D8FD1B5ABD4C5E87DD4AFD3A7F0B230DD22502F0B9DBF4C | 117184 |
+| Office-System2016-2.1.org.default.xml | 90B8C7718C06C930178B621218A629B44A4F18885F0B5816E06AC76E8A1DA329 | 305 |
+| Office-System2016-2.1.xml | 37E5D07510D1AEC51E6D08A502B7CAFDB3B316188EC2EE6B84D985CC1207DAA7 | 64932 |
+| Office-System2016-2.2.org.default.xml | 7A8F784B74E6FA1575783B1849B258F4DD6B7CD87B165802CCA6A16839CCA5AD | 305 |
+| Office-System2016-2.2.xml | 21F9CF9D4F17F183D6D5DF03090866E502F5C3D36BBD5B81FAAFFAD62A047EB7 | 65225 |
+| Office-Visio2013-1.4.org.default.xml | DEB619FD6632472F27796C703DB93523035A5BCD84A2FE878DABBCFC968FFFD9 | 305 |
+| Office-Visio2013-1.4.xml | 4DDEFCDD8E1D316BB2498D95CC033CBABD536A90EF9D6D1278127F4C4FF8DDA8 | 30296 |
+| Office-Word2013-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 |
+| Office-Word2013-1.6.xml | 85E667D9899F3B98270275D1E2F1E5BEAF3AC39C0D8F3143E61F53FBA74263B9 | 81466 |
+| Office-Word2016-1.1.org.default.xml | 7C6CDD5943A445A748835DDAEA1C2AC2615A2BC21B0570751F234E5AB5D7B14B | 431 |
+| Office-Word2016-1.1.xml | 3309F6DCAFFDC4521E2B40CD6D1FC8DBEFB69972B64BBEC5C4C43BAF74542B84 | 88318 |
+| OracleJRE-8-1.5.org.default.xml | 9F29E6AA7A905712FC4BBA768764219CB4CD7F259A0515A486E0E9EE4BE03F66 | 502 |
+| OracleJRE-8-1.5.xml | D8D451B6E2B88C4F7FA14809CA7E6485E19C6295460342C01EF78E6787F073F3 | 45264 |
+| OracleJRE-8-2.1.org.default.xml | 83D686E66B98E318AB87ED95F05B1C01265DB40D202C9F1D4BEDE52790EA834D | 503 |
+| OracleJRE-8-2.1.xml | 34B2B1060088BD4A915B3F713464A636DCD98D6B8A32163F831A485F51DEC211 | 46312 |
+| RHEL-7-3.10.org.default.xml | 3A22CFED34A7C489B98C7663B16235B044D0B0B01BF8A66B594CB0D08CF6A3B8 | 7594 |
+| RHEL-7-3.10.xml | ACB557ED8C652EE1EB42B4398559E3199F565ECA1479F7AB8C93A31B03769B67 | 601397 |
+| RHEL-7-3.9.org.default.xml | 9048B69CAD2A4E9C53C2F8865C6AD0965FAFE20D71D345EFC19F3779F6C9F489 | 7470 |
 | RHEL-7-3.9.xml | 6563FE66082A9329FA349507801FB4EA2FCC7145AA30CF8A35E4466E9D30373F | 592180 |
-| SqlServer-2012-Database-1.19.org.default.xml | F0BCFA8BA56A51AB40F7AC1433B0BDB70F8FD15AB83BE236E8FCD182EB12818C | 427 |
-| SqlServer-2012-Database-1.19.xml | A8B5D94FA2D1EC2E9F85C034FAA7453F6554050A10D32A4534F787CC805A18D4 | 85981 |
-| SqlServer-2012-Database-1.20.org.default.xml | 88F0F0E3C3828B8DF4861F67F528D385DA47059F1255E35538209335B9F36C0C | 427 |
-| SqlServer-2012-Database-1.20.xml | 5EB429E846A241764E46144C2CEA4645FEA23291BA8B6DC24000F0054E6A1D83 | 85927 |
-| SqlServer-2012-Instance-1.19.org.default.xml | CBDC914F56AA1E306F5AF10B611B4C0B95E5CAAC8C2A792C0E640557FFF247DC | 1077 |
-| SqlServer-2012-Instance-1.19.xml | 198E9CFB9C9B5F115A41DBED956416389CF03E603D21CC3B6EF343E18308A184 | 716637 |
-| SqlServer-2012-Instance-1.20.org.default.xml | 2FFFB13390E0D6D4DDFBCCC6BB0E607D2CB028F57A521D85610B2D04E5D4230F | 1077 |
-| SqlServer-2012-Instance-1.20.xml | 75F35AB3641E3F11BBC173C57156706A5B57F27AB1FC511CA6256DBBFB9BA962 | 709174 |
-| SqlServer-2016-Instance-2.7.org.default.xml | 575803F6ED47AB833E3BD857BF7F049A6A986A74FCE54213739A0B87803814B2 | 610 |
-| SqlServer-2016-Instance-2.7.xml | 31D0FD81EA21C3586C00A538529058E8C2D046C6FD5D2E49D1EEC1F58F6DB9A5 | 548824 |
-| SqlServer-2016-Instance-2.8.org.default.xml | 36FD816F5FCAD2AF38C53BBDEAD90EBB6DFE195133613B5F407E6399C0AF2BA9 | 610 |
-| SqlServer-2016-Instance-2.8.xml | 6DDFAA3449EDB8C1D3518F317D8ADBE9048751A4FEE71C5A207D07FB4C918F82 | 549523 |
-| Ubuntu-18.04-2.8.org.default.xml | 08CF6671D3A376D8537B68E48971635C07ABB1B49BFC12F47BF7A2C7D153E2D2 | 6879 |
-| Ubuntu-18.04-2.8.xml | 978B0E087CBF6A33E4AF2FCEBB1D6122FC39FF92FB583CBEF229161ADF7E532F | 484056 |
+| SqlServer-2012-Database-1.19.org.default.xml | 282BCFAC931096F13AA661132D8E0BADF93A17034C98057A68DEC20D43612C88 | 438 |
+| SqlServer-2012-Database-1.19.xml | EA869867AE70E1ED3E80906C7CE800523071A95CB1DE72492F1DB20C4A924A9D | 86839 |
+| SqlServer-2012-Database-1.20.org.default.xml | 572218B2318BFB1F1160B2D1835DE985D09F269260038ED6CFE26573573C5014 | 438 |
+| SqlServer-2012-Database-1.20.xml | F01743D2CA5E914C215ECB13D86A5D58723DD7AB7C328B81D284911DEFA0D9C4 | 86785 |
+| SqlServer-2012-Instance-1.19.org.default.xml | D78829081352C7766AB1E9639C1649A46FDAD69819BCE14599CB3A5C096DF4E6 | 1098 |
+| SqlServer-2012-Instance-1.19.xml | 1313489DECFD7B137F53C9A55DA8068075CDD8015DBE24AEC77CC4276D910185 | 725272 |
+| SqlServer-2012-Instance-1.20.org.default.xml | BB9345EFCFBDB1FDCF731620B233BBD6B1CFD8856A25422D753D9D668D850860 | 1098 |
+| SqlServer-2012-Instance-1.20.xml | 6E8F27FE02ACF7877AB36F90F8C2CADCD8A93A3500288D41EF06070E7C992C66 | 717809 |
+| SqlServer-2016-Instance-2.7.org.default.xml | B966FDBE624E10243DFC71F153A7656F50A414E9A41C7DFAB286318C7783D67F | 623 |
+| SqlServer-2016-Instance-2.7.xml | 689D85FE26F58624FA6493992501D1EB565376805FFF1BAB1EDF2F9B6875C416 | 553591 |
+| SqlServer-2016-Instance-2.8.org.default.xml | 8F7BABE8A06CF091B7BA30D9A7038CE055D18036A0CE47EE5E89C01FDCEBC0BD | 623 |
+| SqlServer-2016-Instance-2.8.xml | 91D9A3D72336382ED3B2FABCD2311BCCA43302B9774085A0F93443879867C923 | 554296 |
+| Ubuntu-18.04-2.10.org.default.xml | 69E03214AA101407BE74394CE1D2CBCD133EDA7AFEFF2C2E3F05D84201195403 | 6920 |
+| Ubuntu-18.04-2.10.xml | 8EA37985B73C1114235CA1E20611896E37969C56D13ABC5F43B08E78A696720A | 491684 |
 | Ubuntu-18.04-2.9.org.default.xml | 937F52BBA9FD68C3E227705A6B7A64EB934B9042C2FBFA7DFE26FAB515135521 | 6922 |
 | Ubuntu-18.04-2.9.xml | 5180802F8E98B6B0B113BFC23EF235600690E753BED9C3C11ED8920A69E0C13A | 486825 |
-| Vsphere-6.5-2.2.org.default.xml | A9EE6773BD2F1593A0E33BD4E048AD43DE3E5709E5BE089CBBF7FB3C4B30288A | 782 |
-| Vsphere-6.5-2.2.xml | F7324FB4B6CDF705560BA1DA66AE1EB4A538BDC78D768813B3D1C367D2B4964B | 142766 |
-| Vsphere-6.5-2.3.org.default.xml | E7BDBC6948AA1E0999792F9054C2065B4AD0AD304B7F033D1378270A355D715D | 782 |
-| Vsphere-6.5-2.3.xml | 4E152C8A94517F45022D1C0BB8E5F3D3646D8CD1B4747C00034B3E646F1E678C | 144921 |
-| WindowsClient-10-2.4.org.default.xml | E0BB6F34998B2D1B9E7E25A7C9EA5ED43E448EF0EC3BF8CE9F030C5DA3A33037 | 5989 |
-| WindowsClient-10-2.4.xml | 9F90E8AAE9CEF0987D1BB5E2EE00254CFF504EA0B995D54100767AE4FB1B3F98 | 534076 |
+| Vsphere-6.5-2.2.org.default.xml | 9050F39FC140A633AD41A884A3E0F87720EFA566C91E82E74A13B918B8C04323 | 797 |
+| Vsphere-6.5-2.2.xml | E3A2F2D4C89416D14A8F3AB4DC6A5444DEA9683AFB2A21A653749995F289AD24 | 144122 |
+| Vsphere-6.5-2.3.org.default.xml | B8539D6118706486E3F451AC2466FE5BABC1C9DB30C1A48C80D3FFA32354056E | 797 |
+| Vsphere-6.5-2.3.xml | DE07939A8EC08F52E77FF411FF04359FCE02035C5038B70FBA2ADC42B994BEAA | 146293 |
+| WindowsClient-10-2.4.org.default.xml | FDC65417DFF986055A4CE952B575479EE650DC566D4C5C35CEB3B5B2140EE207 | 6086 |
+| WindowsClient-10-2.4.xml | C326D08FFA97F42AE5EFF12E50DC4925C8E240C20D6FD4DFDF74F9174A5B8482 | 540794 |
 | WindowsClient-10-2.5.org.default.xml | E39DBCAAC643D0CF020B3FDE5C655963B614DA55D7FF0264D55348234C5318BB | 6086 |
-| WindowsClient-10-2.5.xml | 519508254CFDE17F0308F8CA4FBE523567B618351ADBA0DC3103E9EE65D5067D | 534039 |
+| WindowsClient-10-2.5.xml | F37EBE9608CB4C0997AED5BA9F1A0C7ABFE3379CF7E81418E0639EF4CE5052CF | 540755 |
 | WindowsClient-11-1.2.org.default.xml | C03F1939072743A5F17C771C3E120976996FA159D293064EB8B4FEBBD3EF6070 | 5988 |
 | WindowsClient-11-1.2.xml | B0D8BC1B572AB08ACBD4CFEF99E88A2B4AAD80772C05C904A8F7FA916FDCD9B9 | 520538 |
-| WindowsDefender-All-2.3.org.default.xml | 2EF81E87FDF1D24158DCD2BFD2176921ED21ABBEA2C29ED14096EEEA54F8EB40 | 1065 |
-| WindowsDefender-All-2.3.xml | 34B17B00509BA3F4934861F383E2C133FCA2F19C65F38AA6DB77DBC9B0728A24 | 95099 |
-| WindowsDefender-All-2.4.org.default.xml | 96EA1084F1F2A3C9860013346ACCD29A805A73D79E6A313E759CDBC775A906E8 | 1065 |
-| WindowsDefender-All-2.4.xml | 6657A5CD51F7396976A05A03D3EDB358303D1D320935B51A953765E77063EF6C | 95829 |
-| WindowsDnsServer-2012R2-2.4.org.default.xml | 7A37266D66DFDB51BDCE149BF242559529AE0A3CB111EE3D7124CB02BFDC6B3F | 297 |
-| WindowsDnsServer-2012R2-2.4.xml | 597FE2821DDF156B17D136FF132AEF287E7CC60DB6263CA256385197CDBA24B6 | 241691 |
-| WindowsDnsServer-2012R2-2.5.org.default.xml | 5C4EAECF345C25E9688AA38AFEC397FFA392213486C8E9B0FA06B080AECA50A7 | 297 |
-| WindowsDnsServer-2012R2-2.5.xml | 5E54B2B89FA2E07B721B5461C2BBC2A4C831D696198D6EFD02D344C01CF22C9D | 242163 |
-| WindowsFirewall-All-1.7.org.default.xml | BF71BCE35DD772AA32964B7E6E3A20FCDAAA24C494FC51E58DEA5DB6DEFFC0EB | 945 |
-| WindowsFirewall-All-1.7.xml | 2B8E3CC4782FB3DC7718C1E6E75A7638E5CE7BEF417FA37530C807FEEF9355AF | 64830 |
-| WindowsFirewall-All-2.1.org.default.xml | 1EAC25EE60798B820C06DC8895361F69E31ED9A2950A8D3E86053F6BD9357C06 | 957 |
-| WindowsFirewall-All-2.1.xml | DE85F4E98D148246857F5C7356437371167BD9BB41BE3ABFF3E8B0B66BB12848 | 65807 |
-| WindowsServer-2012R2-DC-3.3.org.default.xml | 836CCA23864E7ACBC60CD988879F95BAE5E6F08CFAF0F0A60D54360848AE920F | 6935 |
-| WindowsServer-2012R2-DC-3.3.xml | B257636D672651195B540336EEBE4A216E98041493FC85980CB71373E4CFCCC6 | 765949 |
-| WindowsServer-2012R2-DC-3.4.org.default.xml | A727A575B307945E8430081B484383F732FAB7153EC0F14E3F33DB6D7BEACEEB | 6812 |
-| WindowsServer-2012R2-DC-3.4.xml | 3E89014E572DA400DA8D668985317D940B688AA856569F2BC56606CF43C32C86 | 764218 |
-| WindowsServer-2012R2-MS-3.3.org.default.xml | 1E04A871219379FF22D44916C0CE4143979F5082C9BAE9678D0DE29C638F1668 | 6377 |
-| WindowsServer-2012R2-MS-3.3.xml | 19C5930FBA78D6D4D619E9CAEEA505F63EAD73A600D220BBB33BF5EA98B40F02 | 661643 |
-| WindowsServer-2012R2-MS-3.4.org.default.xml | EFDC3D61F4DE48302E1AF28FB8C84F165AFA5BC67323EF87C32B653623D6D384 | 6254 |
-| WindowsServer-2012R2-MS-3.4.xml | 71559E19258D176E6E4FADC311A7DA1235DAE285EB02C4AC690567117EF3ED71 | 659969 |
-| WindowsServer-2016-DC-2.4.org.default.xml | 48F25F35D1F8DB5401FE38088B58E4822EA38A8244D266EC3B699A262CDB8A5C | 5901 |
-| WindowsServer-2016-DC-2.4.xml | 0DB57634F42E73C46EAC3BC932954927A8932887721B4035BDB48197F954773A | 550779 |
-| WindowsServer-2016-DC-2.5.org.default.xml | CBDFDF1C21BD31D29ABEAA2B9A8E1F6D6A2B25A3D8D2460F6BD8FC04849E9FDA | 5901 |
-| WindowsServer-2016-DC-2.5.xml | C3D3D5B3F8138A91AC036D4AD6EB78893F41C3AFA9358A52B9147777CAC3EBBC | 551071 |
-| WindowsServer-2016-MS-2.4.org.default.xml | F196F497D58C066D3F1566AB048F8D55DA7AE75CF6E42834CAF4066BE4564545 | 6015 |
-| WindowsServer-2016-MS-2.4.xml | 26ADB3522D644C726C5855D980B295BFA8EB6C3EF8B44C5DB892CF728F7C48EE | 474194 |
-| WindowsServer-2016-MS-2.5.org.default.xml | C573B016540D824D448A9EC5FE004ED963A223B5DE09F693CF276CD1A0E155BE | 6014 |
-| WindowsServer-2016-MS-2.5.xml | 33B6553EEEF755D1DBE476DE1C81F0722C4DBA8694CA77F2262A986FEB5DA03B | 474790 |
-| WindowsServer-2019-DC-2.4.org.default.xml | 683B2A4EE968FBF488C563122DFE55304A0EA37C5843A510DFC5C8459BB0DD55 | 6002 |
-| WindowsServer-2019-DC-2.4.xml | 77AFD942245805482D991269FC32B5D4F9C1D6FBAEC00C2EB274CA4418D03CA2 | 558030 |
+| WindowsDefender-All-2.3.org.default.xml | C0577AA9DBF69E5CC7323B458E8D956A678FBC20D1786CD5FF972BABF8B3BD08 | 1088 |
+| WindowsDefender-All-2.3.xml | 9B56A4155EC35DC5D1E5E502367513DA01FFCDC02D5FF674A1D184C78BA575A0 | 96015 |
+| WindowsDefender-All-2.4.org.default.xml | 38BA1392F6B093D85D8A6289E4D2C76687BBA2F3E4077681917DD2A841CD8102 | 1088 |
+| WindowsDefender-All-2.4.xml | FE2A715FF673114A8571FFB92D364072D7B0FBD67B2477A616F3F24D2748D12F | 96852 |
+| WindowsDnsServer-2012R2-2.4.org.default.xml | E0665B930674B4382F93865B8F0FEE6D9ADCC2CDD263EC06D5ECBBC8751EE62A | 305 |
+| WindowsDnsServer-2012R2-2.4.xml | 12849FAFEADA9477E79C42C19AF5636772AF682B3BDEB40C71393F57ACC537DA | 244440 |
+| WindowsDnsServer-2012R2-2.5.org.default.xml | 331B93A209C36BC1DBB5760FBA8F2BF5E0788E7A4D47C58A0697570882B280DB | 305 |
+| WindowsDnsServer-2012R2-2.5.xml | FC766E2AE054AE1E898263A49CDFE61A3F029C56B5BE7C7F6ED81F6115E86873 | 244914 |
+| WindowsFirewall-All-1.7.org.default.xml | 64E9FFA9B456C36DD36B5824BF641E473931B5C350F473DDFFDF31B1B64DD016 | 966 |
+| WindowsFirewall-All-1.7.xml | BBB13C6D675EB591D972EF8AD9B46472CFE80FCAD76E9D453586E6BE430F01B6 | 65518 |
+| WindowsFirewall-All-2.1.org.default.xml | 54A9F5D8C7E859CFC8C177DFCD4621814166A4DC6FD1967BAB03062B17489949 | 978 |
+| WindowsFirewall-All-2.1.xml | C2D9F1754E8F3A537448E73A1F627E94E72F2A5A7900939E5823B6AD694CC617 | 66534 |
+| WindowsServer-2012R2-DC-3.3.org.default.xml | 8040D5FDCF6EC673550168EECBAA8295DE37CE261D5F6679C57CE3A39150FE71 | 7046 |
+| WindowsServer-2012R2-DC-3.3.xml | F43AB8FA145C575EC2887F94029613F70AA1DD0B6B4074624593564EDA44C98A | 775734 |
+| WindowsServer-2012R2-DC-3.4.org.default.xml | 5423A10BF684CB3FA5F64C77670BA1AA3C94A69FE176065C9720B763019B35C4 | 6921 |
+| WindowsServer-2012R2-DC-3.4.xml | 47373591AF4F0186F7949C5354A73A277DFC158211A5A49CB4F23D6AC3F98563 | 773991 |
+| WindowsServer-2012R2-MS-3.3.org.default.xml | 30D3509BF3AA9BA29E82E5EDFCA82AE8DBDF450A6A178B8A3A61568A56F0E18A | 6476 |
+| WindowsServer-2012R2-MS-3.3.xml | A415746E95E262FE7547687C22B89555694C47A40C182F1E4AE403AF7DF460A4 | 670131 |
+| WindowsServer-2012R2-MS-3.4.org.default.xml | 50F77131D17E1FE349CB81FBC8FE7278DEBB09A3321F75D92B9F3AC85352D869 | 6351 |
+| WindowsServer-2012R2-MS-3.4.xml | BBC62A7ADC3365A3AED0067051712C3643FFAAB9157129E0FEE322768036E4AA | 668445 |
+| WindowsServer-2016-DC-2.4.org.default.xml | C6F13BDEC76ECC5F02317296D189312D401A9522D6B65F478B4CBB5D2FB39ACE | 5996 |
+| WindowsServer-2016-DC-2.4.xml | 411E53051F5154C377653359438BF3633240D74957A814664EE3A97A7022F069 | 558255 |
+| WindowsServer-2016-DC-2.5.org.default.xml | A051E222710532B44CD2A67A0D953344D53CA5FB38BE49DDD69941D16B7AD50C | 5996 |
+| WindowsServer-2016-DC-2.5.xml | E7BBB817054921AD9CC22912A6ECBE418D14F3A706694A2A9D03EFB62C9121B3 | 558541 |
+| WindowsServer-2016-MS-2.4.org.default.xml | 4597212B8DC738BC901EE25CDA3EDA04F49D3F53A873EA4063CFA864C2DCF37D | 6108 |
+| WindowsServer-2016-MS-2.4.xml | 3C2B4FFE25FD8BA3A4702A07AFE4E4074AD31E9749C83D5375B6FF4C443DCA65 | 480555 |
+| WindowsServer-2016-MS-2.5.org.default.xml | 28A6CC76C5C22C10C57B9F3F37BB023CA151CF4DB877CF6E5C07B5AF1166E6A9 | 6107 |
+| WindowsServer-2016-MS-2.5.xml | BB49ECFFFEC86C4F01311491935BCF2F11981E523A08FB0712025511C1425FED | 481151 |
+| WindowsServer-2019-DC-2.4.org.default.xml | 0094F20B2B061FF05BD885B213776F7ADBC7E2D75EEEC66CB994281CE19891DC | 6095 |
+| WindowsServer-2019-DC-2.4.xml | 4CCF9BC6032C0EC069D1CD3BBCBCC55DC598D5815593F6B6903753E0ED8C5B2B | 565567 |
 | WindowsServer-2019-DC-2.5.org.default.xml | 2B3EBC94F5503C005071520D4487334E047241231F81A7154F2A07EE21B20104 | 6095 |
-| WindowsServer-2019-DC-2.5.xml | 667BBBFD0731C0B1CDE0D6811382DFE59031DA4BA02A1B00DC18FF3497C95182 | 558239 |
-| WindowsServer-2019-MS-2.4.org.default.xml | 8F9E845B06B92DCEABF081B2B80F3D37F2C833181D352339034889187C9B92EB | 5938 |
-| WindowsServer-2019-MS-2.4.xml | 4E699813B3A6B360729729993740D2B1E597CD83E852AB00FBA7F49FE2F9EC38 | 481067 |
+| WindowsServer-2019-DC-2.5.xml | 6D2683085611516785604724BBFD4DFB6D773E78ED3662D055D9B0BE7EB216FD | 565775 |
+| WindowsServer-2019-MS-2.4.org.default.xml | CABC2B5A3691044BCDD96E1ACA53B997BCCB14BC41927A4EFAC68E11F80686D5 | 6027 |
+| WindowsServer-2019-MS-2.4.xml | EED082B900AC5D0F68FC8EF060D801CE357F42895A4A5A324B2137DCFAE9F77C | 487488 |
 | WindowsServer-2019-MS-2.5.org.default.xml | C11EF1E1576DDFA46432BE2A202A2BF520652CC21B475B217150AAF3F158CBB1 | 6027 |
-| WindowsServer-2019-MS-2.5.xml | B1996B3BDF822010F82BD2B3932359957830F086DA3CD1EFB581DBF9D151486B | 481486 |
+| WindowsServer-2019-MS-2.5.xml | 6B5BFDFD3A668D0F3307DB87CC686ADB4AF84FF0D42BAE6898E61D6C3075D8C6 | 487906 |
+| WindowsServer-2022-DC-1.1.org.default.xml | A84DA0AA242D80FB25A68E417D05A315D0EFFC33B4A1F626096984CCB46277AA | 6222 |
+| WindowsServer-2022-DC-1.1.xml | E41B69D3EA64BD9C4406BA39697BBB75D2D230CF5844D4DEE3EC1C50CE57C04D | 565193 |
+| WindowsServer-2022-MS-1.1.org.default.xml | E2F3863090F2E81F6E19432881BEEFC6D620C2D05AE5E06DAF7A824117A4F339 | 6154 |
+| WindowsServer-2022-MS-1.1.xml | CC4041ABCB8AE786245D738927D1CA6EA23711B6BE2338872B95ECE3C6B9B599 | 488173 |

README.md

@@ -72,7 +72,7 @@ For detailed information, please see the [StigData Wiki](https://github.com/Micr
 
 PowerStig.DSC is not really a specific module, but rather a collection of PowerShell Desired State Configuration (DSC) composite resources to manage the configurable items in each STIG.
 Each composite uses [PowerStig.Data](#powerstigdata) classes to retrieve PowerStig XML.
-This allows the PowerStig.Data classes to manage exceptions, Org settings, and skipped rules uniformly across all composite resources. The standard DSC ResourceID's can them be used by additional automation to automatically generate compliance reports or trigger other automation solutions.
+This allows the PowerStig.Data classes to manage exceptions, Org settings, and skipped rules uniformly across all composite resources. The standard DSC ResourceID's can then be used by additional automation to automatically generate compliance reports or trigger other automation solutions.
 
 ### Composite Resources
 
@@ -80,10 +80,23 @@ The list of STIGs that we are currently covering.
 
 |Name|Description|
 | ---- | --- |
-|[Browser](https://github.com/Microsoft/PowerStig/wiki/Browser) | Provides a mechanism to manage Browser STIG settings. |
+|[Adobe](https://github.com/Microsoft/PowerStig/wiki/Adobe)| Provides a mechanism to manage Adobe STIG settings.|
+|[Chrome](https://github.com/Microsoft/PowerStig/wiki/Chrome)| Provides a mechanism to manage Google Chrome STIG settings.|
 |[DotNetFramework](https://github.com/Microsoft/PowerStig/wiki/DotNetFramework) | Provides a mechanism to manage .Net Framework STIG settings. |
+|[Edge](https://github.com/Microsoft/PowerStig/wiki/Edge) | Provides a mechanism to manage Microsoft Edge STIG settings. |
+|[Firefox](https://github.com/Microsoft/PowerStig/wiki/Firefox) | Provides a mechanism to manage Firefox STIG settings. |
+|[IisServer](https://github.com/Microsoft/PowerStig/wiki/IisServer) | Provides a mechanism to manage IIS Server settings. |
+|[IisSite](https://github.com/Microsoft/PowerStig/wiki/IisSite) | Provides a mechanism to manage IIS Site settings. |
+|[InternetExplorer](https://github.com/Microsoft/PowerStig/wiki/InternetExplorer) | Provides a mechanism to manage Microsoft Internet Explorer settings. |
+|[McAfee](https://github.com/Microsoft/PowerStig/wiki/McAfee) | Provides a mechanism to manage McAfee settings. |
 |[Office](https://github.com/Microsoft/PowerStig/wiki/Office) | Provides a mechanism to manage Microsoft Office STIG settings. |
+|[OracleJRE](https://github.com/Microsoft/PowerStig/wiki/OracleJRE) | Provides a mechanism to manage Oracle Java Runtime Environment STIG settings. |
+|[RHEL](https://github.com/Microsoft/PowerStig/wiki/RHEL) | Provides a mechanism to manage RedHat Enterprise Linux STIG settings. |
 |[SqlServer](https://github.com/Microsoft/PowerStig/wiki/SqlServer) | Provides a mechanism to manage SqlServer STIG settings. |
+|[Ubuntu](https://github.com/Microsoft/PowerStig/wiki/Ubuntu) | Provides a mechanism to manage Ubuntu Linux STIG settings. |
+|[Vsphere](https://github.com/Microsoft/PowerStig/wiki/Vsphere) | Provides a mechanism to manage VMware Vsphere STIG settings. |
+|[WindowsClient](https://github.com/Microsoft/PowerStig/wiki/WindowsClient) | Provides a mechanism to manage Windows Client STIG settings. |
+|[WindowsDefender](https://github.com/Microsoft/PowerStig/wiki/WindowsDefender) | Provides a mechanism to manage Windows Defender STIG settings. |
 |[WindowsDnsServer](https://github.com/Microsoft/PowerStig/wiki/WindowsDnsServer) | Provides a mechanism to manage Windows DNS Server STIG settings. |
 |[WindowsFirewall](https://github.com/Microsoft/PowerStig/wiki/WindowsFirewall) | Provides a mechanism to manage the Windows Firewall STIG settings. |
 |[WindowsServer](https://github.com/Microsoft/PowerStig/wiki/WindowsServer) | Provides a mechanism to manage the Windows Server STIG settings. |
@@ -134,3 +147,4 @@ We are especially thankful for those who have contributed pull requests to the c
 * [@mikedzikowski](https://github.com/mikedzikowski) (Mike Dzikowski)
 * [@togriffith](https://github.com/mikedzikowski) (Tony Griffith)
 * [@hinderjd](https://github.com/hinderjd) (James Hinders)
+* [@ruandersMSFT](https://github.com/ruandersMSFT) (Russell Anderson)

source/Module/Common/Convert/Data.ps1

@@ -86,6 +86,8 @@ data exclusionRuleList
         V-204440 = 'RHEL: At present, unable to automate rule'
         V-204456 = 'RHEL: At present, unable to automate rule'
         V-228564 = 'RHEL: At present, unable to automate rule'
+        V-251704 = 'RHEL: At present, unable to automate rule'
+        V-255927 = 'RHEL: At present, unable to automate rule'
         V-219151 = 'Ubuntu: At present, unable to automate rule'
         V-219155 = 'Ubuntu: At present, unable to automate rule'
         V-219164 = 'Ubuntu: At present, unable to automate rule'
@@ -103,6 +105,16 @@ data exclusionRuleList
         V-219326 = 'Ubuntu: At present, unable to automate rule'
         V-219331 = 'Ubuntu: At present, unable to automate rule'
         V-219341 = 'Ubuntu: At present, unable to automate rule'
+        V-219159 = 'Ubuntu: At present, unable to automate rule'
+        V-219163 = 'Ubuntu: At present, unable to automate rule'
+        V-219228 = 'Ubuntu: At present, unable to automate rule'
+        V-219229 = 'Ubuntu: At present, unable to automate rule'
+        V-219230 = 'Ubuntu: At present, unable to automate rule'
+        V-219231 = 'Ubuntu: At present, unable to automate rule'
+        V-219232 = 'Ubuntu: At present, unable to automate rule'
+        V-219233 = 'Ubuntu: At present, unable to automate rule'
+        V-219330 = 'Ubuntu: At present, unable to automate rule'
+        V-255907 = 'Ubuntu: At present, unable to automate rule'
         V-235722 = 'Edge: Rule requires an unknown list and count of whitelisted domains, unable to automate rule'
         V-235753 = 'Edge: Rule requires an unknown list and count of whitelisted domains, unable to automate rule'
         V-235755 = 'Edge: Rule requires an unknown list and count of whitelisted extensions, unable to automate rule'

source/Module/Common/Functions.XccdfXml.ps1

@@ -451,6 +451,7 @@ function Split-BenchmarkId
             # The Windows Server 2012 and 2012 R2 STIGs are combined, so return the 2012R2
             $id = $id -replace '_2012_', '_2012R2_'
             $returnId = $id -replace ($windowsVariations -join '|'), 'WindowsServer'
+            $returnId = $returnId -replace 'MS_', ''
             continue
         }
         {$PSItem -match "Active_Directory"}
@@ -514,8 +515,8 @@ function Split-BenchmarkId
         {$PSItem -match 'Ubuntu'}
         {
             $ubuntuId = $id -split '_'
-            $ubuntuVersion = $ubuntuId[3] -replace '-', '.'
-            $returnId = '{0}_{1}' -f $ubuntuId[2], $ubuntuVersion
+            $ubuntuVersion = $ubuntuId[-1] -replace '-', '.'
+            $returnId = '{0}_{1}' -f $ubuntuId[-2], $ubuntuVersion
             continue
         }
         default

source/Module/Rule.AuditPolicy/Convert/AuditPolicyRule.Convert.psm1

@@ -67,6 +67,9 @@ class AuditPolicyRuleConvert : AuditPolicyRule
             {$_.Name -eq 'subcategory'}
         ).Value
         
+        # Windows STIGS have 'Audit Audit' as part of the string, but the actual policy is 'Audit Policy Change'
+        $thisSubcategory = $thisSubcategory -replace 'Audit Audit', 'Audit'
+
         if (-not $this.SetStatus($thisSubcategory))
         {
             $this.set_Subcategory($thisSubcategory.trim())

source/PowerStig.psd1

@@ -6,7 +6,7 @@
     RootModule = 'PowerStig.psm1'
 
     # Version number of this module.
-    ModuleVersion = '4.15.0'
+    ModuleVersion = '4.16.0'
 
     # ID used to uniquely identify this module
     GUID = 'a132f6a5-8f96-4942-be25-b213ee7e4af3'

source/StigData/Archive/Chrome/U_Google_Chrome_STIG_V2R7_Manual-xccdf.log

@@ -10,4 +10,4 @@ V-221588::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ke
 V-221596::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'AutoplayAllowlist'; ValueType = 'MultiString';  ValueData = $null; OrganizationValueTestString = "{0} -eq 'a list of administrator-approved URLs"}
 V-234701::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'SSLVersionMin'; ValueType = 'String';  ValueData = 'tls1.2'}
 V-245539::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Absent'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome'; ValueName = 'CookiesSessionOnlyForUrls'}
-V-221572::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklis'; ValueName = 'CookiesSessionOnlyForUrls'; ValueType = 'String'; ValueData = 'javascript://*'}
+V-221572::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklist'; ValueName = 'CookiesSessionOnlyForUrls'; ValueType = 'String'; ValueData = 'javascript://*'}

source/StigData/Archive/Linux.RHEL/U_RHEL_7_STIG_V3R10_Manual-xccdf.log

@@ -22,7 +22,7 @@ V-204511::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; Contains
 V-204512::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/audisp/audisp-remote.conf'; OrganizationValueTestString = 'the "network_failure_action" option is set to "SYSLOG", "SINGLE", or "HALT"; i.e.: "network_failure_action = syslog" '}
 V-204515::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/audit/auditd.conf'; OrganizationValueTestString = 'the value of the "action_mail_acct" keyword is set to "root" and/or other accounts for security personnel; i.e.: "action_mail_acct = root" '}
 V-204576::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = $null; FilePath = '/etc/security/limits.d/204576-powerstig.conf'; OrganizationValueTestString = 'the "maxlogins" value is set to "10" or less '}
-V-204579::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/profile.d/tmout.sh'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile.d/tmout.sh'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}
+V-204579::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/profile.d/tmout.sh'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile.d/tmout.sh'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/bashrc'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/bashrc" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/etc/profile'; OrganizationValueTestString = 'the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.'}
 V-204584::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'kernel.randomize_va_space = 2'; FilePath = '/etc/sysctl.d/204584-powerstig.conf'}
 V-204609::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'net.ipv4.conf.all.accept_source_route = 0'; FilePath = '/etc/sysctl.d/204609-powerstig.conf'}
 V-204610::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = 'net.ipv4.conf.all.rp_filter = 1'; FilePath = '/etc/sysctl.d/204610-powerstig.conf'}
@@ -40,4 +40,4 @@ V-237635::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = $null
 V-244557::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/boot/grub2/grub.cfg'; OrganizationValueTestString = '"set superusers =" is set to a unique name in /boot/grub2/grub.cfg'}
 V-244558::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = $null; DoesNotContainPattern = $null; FilePath = '/boot/efi/EFI/redhat/grub.cfg'; OrganizationValueTestString = '"set superusers =" is set to a unique name in /boot/efi/EFI/redhat/grub.cfg'}
 V-250314::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; Contents = '%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL'; FilePath = '/etc/sudoers.d/250314-powerstig.conf'}
-V-251704::*::HardCodedRule(ManualRule)@{DscResource = 'None'}
+V-255926::*::HardCodedRule(nxPackageRule)@{DscResource = 'nxPackage'; Ensure = 'Present'; Name = $null; OrganizationValueTestString = 'Specify either tmux or screen depending on preference'}

source/StigData/Archive/Linux.Ubuntu/U_CAN_Ubuntu_18-04_LTS_STIG_V2R10_Manual-xccdf.log

@@ -8,3 +8,4 @@ V-219303::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc
 V-219306::*::HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'auth.*,authpriv.* /var/log/secure'; DoesNotContainPattern = '#\s*auth\.\*,\s*authpriv\.\*.*'; FilePath = '/etc/rsyslog.d/50-default.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'daemon.notice /var/log/messages'; DoesNotContainPattern = '#\sdaemon.*'; FilePath = '/etc/rsyslog.d/50-default.conf'}
 V-219307::Ciphers aes256-ctr,aes192-ctr, aes128-ctr::Ciphers aes256-ctr,aes192-ctr,aes128-ctr
 V-219339::*::HardCodedRule(nxFileRule)@{DscResource = 'nxFile'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'install usb-storage /bin/true'; DoesNotContainPattern = '#\s*install\s*usb-storage\s*/bin/true'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}<splitRule>HardCodedRule(nxFileLineRule)@{DscResource = 'nxFileLine'; ContainsLine = 'blacklist usb-storage'; DoesNotContainPattern = '#\s*blacklist\s*usb-storage'; FilePath = '/etc/modprobe.d/DISASTIG.conf'}
+V-219343::*::HardCodedRule(nxPackageRule)@{DscResource = 'nxPackage'; Ensure = 'Present'; Name = 'aide'}

source/StigData/Archive/Office/U_MS_Office_365_ProPlus_STIG_V2R8_Manual-xccdf.log

@@ -31,8 +31,8 @@ V-223355::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; En
 V-223358::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\security'; ValueName = 'usecrlchasing' ;ValueType = 'Dword'; ValueData = '1'}
 V-223376::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Project\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
 V-223377::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\powerpoint\security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
-V-223311::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
-V-223392::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
+V-223311::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 3|4"}
+V-223392::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 3|4"}
 V-223393::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Visio\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
 V-223417::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
 V-223309::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility'; ValueData = 'Block all Flash activation'; ValueName = 'COMMENT'; ValueType = 'String'}

source/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V2R7_Manual-xccdf.log

@@ -1,6 +1,6 @@
 V-218790::This check does not apply to service account IDs utilized by automated services necessary to process, manage, and store log files::If an account associated with roles other than auditors
 V-218821::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; ValueData = 0; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}
-V-218814::CREATOR OWNER: Full Control, Subfolders and files only::CREATOR OWNER: Full Control - Subfolders and files only
+V-218814::*::HardCodedRule(PermissionRule)@{DscResource = 'NTFSAccessEntry'; AccessControlEntry = @(@{Type = $null; Principal = 'System'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'Administrators'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'TrustedInstaller'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'ALL APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'ALL RESTRICTED APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'Users'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute,ListDirectory'}, @{Type = $null; Principal = 'CREATOR OWNER'; ForcePrincipal = 'False'; Inheritance = 'Subfolders and files only'; Rights = 'FullControl'}); Force = 'True'; Path = '%SystemDrive%\inetpub'}
 V-218805::Under Time-out (in minutes), verify “20 minutes or less” is selected.::Verify the "Time-out (in minutes)" is set to "20 minutes or less".
 V-241788::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'; ValueData = 1; ValueName = 'DisableServerHeader'; ValueType = 'DWORD'}
 V-218785::*::HardCodedRule(IISLoggingRule)@{DscResource = 'xWebAdministration'; LogFlags = $null; OrganizationValueTestString = "'{0}' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'"}

source/StigData/Archive/Web Server/U_MS_IIS_10-0_Server_STIG_V2R8_Manual-xccdf.log

@@ -1,6 +1,6 @@
 V-218790::This check does not apply to service account IDs utilized by automated services necessary to process, manage, and store log files::If an account associated with roles other than auditors
 V-218821::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; ValueData = 0; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 1; ValueName = 'DisabledByDefault'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}<splitRule>HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server'; ValueData = 0; ValueName = 'Enabled'; ValueType = 'DWORD'}
-V-218814::CREATOR OWNER: Full Control, Subfolders and files only::CREATOR OWNER: Full Control - Subfolders and files only
+V-218814::*::HardCodedRule(PermissionRule)@{DscResource = 'NTFSAccessEntry'; AccessControlEntry = @(@{Type = $null; Principal = 'System'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'Administrators'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'TrustedInstaller'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'FullControl'}, @{Type = $null; Principal = 'ALL APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'ALL RESTRICTED APPLICATION PACKAGES'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute'}, @{Type = $null; Principal = 'Users'; ForcePrincipal = 'False'; Inheritance = 'This folder subfolders and files'; Rights = 'ReadAndExecute,ListDirectory'}, @{Type = $null; Principal = 'CREATOR OWNER'; ForcePrincipal = 'False'; Inheritance = 'Subfolders and files only'; Rights = 'FullControl'}); Force = 'True'; Path = '%SystemDrive%\inetpub'}
 V-218805::Under Time-out (in minutes), verify “20 minutes or less” is selected.::Verify the "Time-out (in minutes)" is set to "20 minutes or less".
 V-241788::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'; ValueData = 1; ValueName = 'DisableServerHeader'; ValueType = 'DWORD'}
 V-218785::*::HardCodedRule(IISLoggingRule)@{DscResource = 'xWebAdministration'; LogFlags = $null; OrganizationValueTestString = "'{0}' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'"}

source/StigData/Archive/Web Server/U_MS_IIS_8-5_Site_STIG_V2R7_Manual-xccdf.log

@@ -2,4 +2,4 @@ V-214465::If the "maxAllowedContentLength" value is not explicitly set to "30000
 V-214444::System Administrator::""
 V-214448::*::HardCodedRule(IISLoggingRule)@{DscResource = 'xWebsite'; LogFlags = $null; OrganizationValueTestString = "'{0}' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'"}
 V-214484::*::.
-V-214488::*::HardCodedRule(WebAppPoolRule)@{DscResource = 'xWebAppPool'; Key = 'logEventOnRecycle'; Value = "'Time,Schedule'"}
+V-214488::*::HardCodedRule(WebAppPoolRule)@{DscResource = 'xWebAppPool'; Key = 'logEventOnRecycle'; OrganizationValueRequired = 'true'; OrganizationValueTestString = "'{0}' 'Value must contain Time and Schedule but can contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'"}

source/StigData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_DC_STIG_V1R1_Manual-xccdf.log

@@ -0,0 +1,19 @@
+V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
+V-254255::*::''
+V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
+V-254291::"Minimum password length,"::"Minimum password length"
+V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
+V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
+V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
+V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
+V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
+V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
+V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.

source/StigData/Archive/Windows.Server.2022/U_MS_Windows_Server_2022_MS_STIG_V1R1_Manual-xccdf.log

@@ -0,0 +1,19 @@
+V-254248::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct AntiVirus service information'}
+V-254255::*::''
+V-254265::*::HardCodedRule(ServiceRule)@{DscResource = 'Service'; Ensure = 'Present'; ServiceName = $null; ServiceState = 'Running'; StartupType = $null; OrganizationValueTestString = 'ServiceName/StartupType is populated with correct Firewall service information'}
+V-254291::"Minimum password length,"::"Minimum password length"
+V-254356::0x00000000 (0) (Security), 0x00000001 (1) (Basic)::0 or 1
+V-254357::0x00000000 (0) - No peering (HTTP Only)::0, 1, 2, 99 or 100
+V-254362::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254363::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254364::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254371::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254375::0x00000000 (0) (or if the Value Name does not exist)::0
+V-254443::DoD Root CA 3- DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477::DoD Root CA 3 - DoD Interoperability Root CA 2 - 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::Subject: CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US::Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US
+V-254443::Thumbprint: A8C27332CCB4CA49554CE55D34062A7DD2850C02::Thumbprint: 49CBE933151872E17C8EAE7F0ABA97FB610F6477
+V-254443::NotAfter: 8/26/2022 9:25:51 AM::NotAfter: 11/16/2024
+V-254458::*::HardCodedRule(RegistryRule)@{DscResource = 'Registry'; Ensure = 'Present'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; ValueName = 'LegalNoticeCaption'; ValueType = 'String'; ValueData = $null; OrganizationValueTestString = "'{0}' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'"}
+V-254484::0x00000002 (2) (Prompt for consent on the secure desktop)::1 or 2
+V-254490::0x00000002 (2) (or if the Value Name does not exist)::2
+V-254499::- Administrators::- Administrators`r`nSystems that have the Hyper-V role will also have "Virtual Machines" given this user right (this may be displayed as "NT Virtual Machine\Virtual Machines", SID S-1-5-83-0). This is not a finding.

source/StigData/Processed/Google-Chrome-2.8.org.default.xml

@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.6">
+<OrganizationalSettings fullversion="2.8">
   <!-- Ensure 'V-221563' -eq 'oiigbmnaadbkfbmpbfijlflahbdbdgdf | a list of administrator-approved extension IDs'-->
   <OrganizationalSetting id="V-221563" ValueData="" />
   <!-- Ensure 'V-221564' -eq 'an organization approved encrypted search provider'-->

source/StigData/Processed/Google-Chrome-2.8.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="Google_Chrome_Current_Windows" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_Google_Chrome_STIG_V2R6_Manual-xccdf.xml" releaseinfo="Release: 6 Benchmark Date: 27 Apr 2022 3.3.0.27375 1.10.0" title="Google Chrome Current Windows Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.6" created="6/6/2022">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="Google_Chrome_Current_Windows" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_Google_Chrome_STIG_V2R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Google Chrome Current Windows Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.8" created="2/10/2023">
   <ManualRule dscresourcemodule="None">
     <Rule id="V-221584" severity="medium" conversionstatus="pass" title="SRG-APP-000456" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Google Chrome is being continually updated by the vendor in order to address identified security vulnerabilities. Running an older version of the browser can introduce security vulnerabilities to the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@@ -268,7 +268,7 @@ This policy disables the listed protocol schemes in Google Chrome, URLs using a
       <DuplicateOf />
       <Ensure>Present</Ensure>
       <IsNullOrEmpty>False</IsNullOrEmpty>
-      <Key>HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklis</Key>
+      <Key>HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklist</Key>
       <LegacyId>V-44761</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
@@ -606,8 +606,8 @@ Windows method:
       <ValueType>Dword</ValueType>
     </Rule>
     <Rule id="V-221592" severity="medium" conversionstatus="pass" title="SRG-APP-000089" dscresource="RegistryPolicyFile">
-      <Description>&lt;VulnDiscussion&gt;If set to “False”, prevents Chrome Cleanup from scanning the system for unwanted software and performing cleanups. Manually triggering Chrome Cleanup from chrome://settings/cleanup is disabled.
-If set to “True” or unset, Chrome Cleanup periodically scans the system for unwanted software and should any be found, will ask the user if they wish to remove it. Manually triggering Chrome Cleanup from chrome://settings is enabled.
+      <Description>&lt;VulnDiscussion&gt;If set to "False", prevents Chrome Cleanup from scanning the system for unwanted software and performing cleanups. Manually triggering Chrome Cleanup from chrome://settings/cleanup is disabled.
+If set to "True" or unset, Chrome Cleanup periodically scans the system for unwanted software and should any be found, will ask the user if they wish to remove it. Manually triggering Chrome Cleanup from chrome://settings is enabled.
 This policy is available only on Windows instances that are joined to a Microsoft Active Directory domain.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
       <DuplicateOf />
       <Ensure>Present</Ensure>
@@ -620,7 +620,7 @@ This policy is available only on Windows instances that are joined to a Microsof
  1. In the omnibox (address bar) type chrome://policy
  2. If "ChromeCleanupEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding.
 Windows method:
- 1. Start regedit
+ 1. Start regedit.
  2. Navigate to HKLM\Software\Policies\Google\Chrome\
  3. If the "ChromeCleanupEnabled" value name does not exist or its value data is not set to "0", this is a finding.</RawString>
       <ValueData>0</ValueData>

source/StigData/Processed/IISServer-10.0-2.7.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R7_Manual-xccdf.xml" releaseinfo="Release: 7 Benchmark Date: 27 Oct 2022 3.4.0.34222 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.7" created="11/28/2022">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R7_Manual-xccdf.xml" releaseinfo="Release: 7 Benchmark Date: 27 Oct 2022 3.4.0.34222 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.7" created="2/14/2023">
   <DocumentRule dscresourcemodule="None">
     <Rule id="V-218784" severity="medium" conversionstatus="pass" title="SRG-APP-000015-WSR-000014" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Logging onto a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can easily be compromised. When performing remote administrative tasks, a protocol or service that encrypts the communication channel must be used.
@@ -958,8 +958,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>System</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>FullControl</Rights>
         </Entry>
         <Entry>
@@ -967,8 +966,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>Administrators</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>FullControl</Rights>
         </Entry>
         <Entry>
@@ -976,8 +974,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>TrustedInstaller</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>FullControl</Rights>
         </Entry>
         <Entry>
@@ -985,8 +982,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>ALL APPLICATION PACKAGES</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>ReadAndExecute</Rights>
         </Entry>
         <Entry>
@@ -994,8 +990,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>ALL RESTRICTED APPLICATION PACKAGES</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>ReadAndExecute</Rights>
         </Entry>
         <Entry>
@@ -1003,8 +998,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>Users</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>ReadAndExecute,ListDirectory</Rights>
         </Entry>
         <Entry>

source/StigData/Processed/IISServer-10.0-2.8.org.default.xml

@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.6">
+<OrganizationalSettings fullversion="2.8">
   <!-- Ensure ''V-218785'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
   <OrganizationalSetting id="V-218785" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
   <!-- Ensure ''V-218805.a'' -le '00:20:00'-->

source/StigData/Processed/IISServer-10.0-2.8.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R6_Manual-xccdf.xml" releaseinfo="Release: 6 Benchmark Date: 27 Jul 2022 3.3.0.27375 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.6" created="8/23/2022">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.8" created="2/14/2023">
   <DocumentRule dscresourcemodule="None">
     <Rule id="V-218784" severity="medium" conversionstatus="pass" title="SRG-APP-000015-WSR-000014" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Logging onto a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can easily be compromised. When performing remote administrative tasks, a protocol or service that encrypts the communication channel must be used.
@@ -805,6 +805,7 @@ If passwords have not been changed from the default, this is a finding.</RawStri
       <RawString>Note: If ASP.NET is not installed, this is Not Applicable.
 Note: If the Server is hosting Microsoft SharePoint, this is Not Applicable.
 Note: If the server is hosting WSUS, this is Not Applicable.
+Note: If the server is hosting Exchange, this is Not Applicable.
 
 Open the IIS 10.0 Manager.
 
@@ -812,7 +813,7 @@ Click the IIS 10.0 web server name.
 
 Double-click the ".NET Authorization Rules" icon.
 
-Ensure "All Users" is set to "Allow", and "Anonymous Users" is set to "Deny" otherwise, this is a finding.
+Ensure "All Users" is set to "Allow", and "Anonymous Users" is set to "Deny", otherwise this is a finding.
 If any other rules are present, this is a finding.</RawString>
     </Rule>
     <Rule id="V-218826" severity="medium" conversionstatus="pass" title="SRG-APP-000001-WSR-000001" dscresource="None">
@@ -958,8 +959,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>System</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>FullControl</Rights>
         </Entry>
         <Entry>
@@ -967,8 +967,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>Administrators</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>FullControl</Rights>
         </Entry>
         <Entry>
@@ -976,8 +975,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>TrustedInstaller</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>FullControl</Rights>
         </Entry>
         <Entry>
@@ -985,8 +983,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>ALL APPLICATION PACKAGES</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>ReadAndExecute</Rights>
         </Entry>
         <Entry>
@@ -994,8 +991,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>ALL RESTRICTED APPLICATION PACKAGES</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>ReadAndExecute</Rights>
         </Entry>
         <Entry>
@@ -1003,8 +999,7 @@ If any OS shell MIME types are configured, this is a finding.
           </Type>
           <Principal>Users</Principal>
           <ForcePrincipal>False</ForcePrincipal>
-          <Inheritance>
-          </Inheritance>
+          <Inheritance>This folder subfolders and files</Inheritance>
           <Rights>ReadAndExecute,ListDirectory</Rights>
         </Entry>
         <Entry>
@@ -1532,7 +1527,7 @@ Double-click the "Error Pages" icon.
 
 Click any error message, and then click "Edit Feature Setting" from the "Actions" Pane. This will apply to all error messages.
 
-If the feature setting is not set to “Detailed errors for local requests and custom error pages for remote requests”, this is a finding.</RawString>
+If the feature setting is not set to "Detailed errors for local requests and custom error pages for remote requests", or "Custom error pages"  this is a finding.</RawString>
       <Value>DetailedLocalOnly</Value>
     </Rule>
     <Rule id="V-218820" severity="medium" conversionstatus="pass" title="SRG-APP-000439-WSR-000152" dscresource="xWebConfigKeyValue">

source/StigData/Processed/IISServer-8.5-2.5.org.default.xml

@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.3">
+<OrganizationalSettings fullversion="2.5">
   <!-- Ensure ''V-214400'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
   <OrganizationalSetting id="V-214400" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
   <!-- Ensure ''V-214420.b'' -le '00:20:00'-->

source/StigData/Processed/IISServer-8.5-2.5.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_8-5_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_8-5_Server_STIG_V2R3_Manual-xccdf.xml" releaseinfo="Release: 3 Benchmark Date: 27 Oct 2021 3.2.2.36079 1.10.0" title="Microsoft IIS 8.5 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.3" created="11/3/2021">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_8-5_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_8-5_Server_STIG_V2R5_Manual-xccdf.xml" releaseinfo="Release: 5 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Microsoft IIS 8.5 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.5" created="2/3/2023">
   <DocumentRule dscresourcemodule="None">
     <Rule id="V-214399" severity="medium" conversionstatus="pass" title="SRG-APP-000015-WSR-000014" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Logging onto a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can easily be compromised. When performing remote administrative tasks, a protocol or service that encrypts the communication channel must be used.
@@ -776,9 +776,10 @@ Open the IIS 8.5 Manager.
 
 Click the IIS 8.5 web server name.
 
-Double-click the “.NET Authorization Rules” icon.
+Double-click the ".NET Authorization Rules" icon.
 
-If any groups other than “Administrators” are listed, this is a finding.</RawString>
+Ensure "All Users" is set to "Allow", and "Anonymous Users" is set to "Deny", otherwise this is a finding.
+If any other rules are present, this is a finding.</RawString>
     </Rule>
     <Rule id="V-214442" severity="medium" conversionstatus="pass" title="SRG-APP-000001-WSR-000001" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a website, facilitating a Denial of Service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive (i.e., a parameter used to limit the amount of time a connection may be inactive).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>

source/StigData/Processed/IISSite-8.5-2.7.org.default.xml

@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.5">
+<OrganizationalSettings fullversion="2.7">
   <!-- Ensure ''V-214448'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
   <OrganizationalSetting id="V-214448" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
   <!-- Ensure 'V-214464' -le 4096-->
@@ -20,8 +20,6 @@
   <OrganizationalSetting id="V-214475" Value="00:20:00" />
   <!-- Ensure 'V-214485' -ne 0-->
   <OrganizationalSetting id="V-214485" Value="35000" />
-  <!-- Ensure 'V-214487' -ne 0-->
-  <OrganizationalSetting id="V-214487" Value="1000000" />
   <!-- Ensure ''V-214488'' 'Value must contain Time and Schedule but can contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'-->
   <OrganizationalSetting id="V-214488" Value="'Time,Requests,Schedule,Memory,IsapiUnhealthy,OnDemand,ConfigChange,PrivateMemory'" />
   <!-- Ensure 'V-214489' -le 1000-->

source/StigData/Processed/IISSite-8.5-2.7.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_8-5_Site_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_8-5_Site_STIG_V2R5_Manual-xccdf.xml" releaseinfo="Release: 5 Benchmark Date: 27 Jan 2022 3.2.2.36079 1.10.0" title="Microsoft IIS 8.5 Site Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.5" created="3/3/2022">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_8-5_Site_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_8-5_Site_STIG_V2R7_Manual-xccdf.xml" releaseinfo="Release: 7 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Microsoft IIS 8.5 Site Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.7" created="2/3/2023">
   <DocumentRule dscresourcemodule="None">
     <Rule id="V-214455" severity="medium" conversionstatus="pass" title="SRG-APP-000141-WSR-000082" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;IIS 8.5 will either allow or deny script execution based on file extension. The ability to control script execution is controlled through two features with IIS 8.5, “Request Filtering” and "Handler Mappings".
@@ -774,12 +774,15 @@ Satisfies: SRG-APP-000172-WSR-000104, SRG-APP-000224-WSR-000135, SRG-APP-000427-
       <OrganizationValueTestString />
       <RawString>Note: If the server being reviewed is a public IIS 8.5 web server, this is Not Applicable.
 Note: If the server is hosting Exchange, this is Not Applicable.
+Note: If the server is hosting SharePoint, this is Not Applicable.
 Note: If certificate handling is performed at the Proxy/Load Balancer, this is not a finding.
 
 Follow the procedures below for each site hosted on the IIS 8.5 web server:
 
 Open the IIS 8.5 Manager.
+
 Double-click the "SSL Settings" icon.
+
 Verify the "Clients Certificate Required" check box is selected.
 
 If the "Clients Certificate Required" check box is not selected, this is a finding.</RawString>
@@ -921,40 +924,14 @@ If the "Request Limit" is set to a value of "0", this is a finding.</RawString>
       <Value>
       </Value>
     </Rule>
-    <Rule id="V-214487" severity="medium" conversionstatus="pass" title="SRG-APP-000516-WSR-000174" dscresource="xWebAppPool">
-      <Description>&lt;VulnDiscussion&gt;IIS application pools can be periodically recycled to avoid unstable states possibly leading to application crashes, hangs, or memory leaks. By default, application pool recycling is overlapped, which means the worker process to be shut down is kept running until after a new worker process is started. After a new worker process starts, new requests are passed to it. The old worker process shuts down after it finishes processing its existing requests, or after a configured time-out, whichever comes first. This way of recycling ensures uninterrupted service to clients.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <Key>restartPrivateMemoryLimit</Key>
-      <LegacyId>V-76871</LegacyId>
-      <OrganizationValueRequired>True</OrganizationValueRequired>
-      <OrganizationValueTestString>{0} -ne 0</OrganizationValueTestString>
-      <RawString>Note: If the IIS Application Pool is hosting Microsoft SharePoint, this is Not Applicable.
-
-If this IIS 8.5 installation is supporting Microsoft Exchange, and not otherwise hosting any content, this requirement is Not Applicable.
-
-Open the IIS 8.5 Manager.
-
-Perform the following for each Application Pool:
-
-Click "Application Pools".
-
-Highlight an Application Pool and click "Advanced Settings" in the "Action" Pane.
-
-Scroll down to the "Recycling" section and verify the value for "Private Memory Limit" is set to a value other than "0".
-
-If the "Private Memory Limit" is set to a value of "0", this is a finding.</RawString>
-      <Value>
-      </Value>
-    </Rule>
     <Rule id="V-214488" severity="medium" conversionstatus="pass" title="SRG-APP-000516-WSR-000174" dscresource="xWebAppPool">
       <Description>&lt;VulnDiscussion&gt;Application pools can be periodically recycled to avoid unstable states possibly leading to application crashes, hangs, or memory leaks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
       <DuplicateOf />
       <IsNullOrEmpty>False</IsNullOrEmpty>
       <Key>logEventOnRecycle</Key>
       <LegacyId>V-76873</LegacyId>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
+      <OrganizationValueRequired>True</OrganizationValueRequired>
+      <OrganizationValueTestString>'{0}' 'Value must contain Time and Schedule but can contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'</OrganizationValueTestString>
       <RawString>Note: Recycling Application Pools can create an unstable environment in a 64-bit SharePoint environment. If operational issues arise, with supporting documentation from the ISSO this check can be downgraded to a CAT III.
 
 Note: If the IIS Application Pool is hosting Microsoft SharePoint, this is Not Applicable.
@@ -963,24 +940,24 @@ Note: If the IIS Application Pool is hosting Microsoft Exchange and not otherwis
 
 Open the IIS 8.5 Manager.
 
-Click the “Application Pools”.
+Click the "Application Pools".
 
 Perform the following for each Application Pool:
 
-Highlight an Application Pool and click "Recycling" in the “Actions” pane.
+Highlight an Application Pool and click "Recycling" in the "Actions" pane.
 
 In the Recycling Conditions window, verify at least one condition is checked as desired by the organization. 
 
 If no conditions are checked, this is a finding.
 
-Click Next.
+Click "Next".
 
-In the Recycling Events to Log window, verify both the "Regular time interval" and "Specific time" boxes are selected.
+In the "Recycling Events to Log" window, verify both the "Regular time interval" and "Scheduled time" boxes are selected.
 
-If both the "Regular time interval" and "Specific time" options are not selected, this is a finding.
+If both the "Regular time interval" and "Scheduled time" options are not selected, this is a finding.
 
-Click Cancel.</RawString>
-      <Value>'Time,Schedule'</Value>
+Click "Cancel".</RawString>
+      <Value />
     </Rule>
     <Rule id="V-214489" severity="medium" conversionstatus="pass" title="SRG-APP-000516-WSR-000174" dscresource="xWebAppPool">
       <Description>&lt;VulnDiscussion&gt;In order to determine the possible causes of client connection errors and to conserve system resources, it is important to both log errors and manage those settings controlling requests to the application pool.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>

source/StigData/Processed/Office-365ProPlus-2.8.org.default.xml

@@ -5,17 +5,17 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.6">
+<OrganizationalSettings fullversion="2.8">
   <!-- Ensure 'V-223282' is 2|3|4-->
   <OrganizationalSetting id="V-223282" ValueData="3" />
   <!-- Ensure 'V-223288' is 6-->
   <OrganizationalSetting id="V-223288" ValueData="6" />
-  <!-- Ensure 'V-223311' is 2|3|4-->
+  <!-- Ensure 'V-223311' is 3|4-->
   <OrganizationalSetting id="V-223311" ValueData="3" />
   <!-- Ensure 'V-223333' is 1|DoesNotExist-->
   <OrganizationalSetting id="V-223333" ValueData="1" />
   <!-- Ensure 'V-223335' is 1|DoesNotExist-->
-<OrganizationalSetting id="V-223335" ValueData="1" />
+  <OrganizationalSetting id="V-223335" ValueData="1" />
   <!-- Ensure 'V-223340' is 0|DoesNotExist-->
   <OrganizationalSetting id="V-223340" ValueData="0" />
   <!-- Ensure 'V-223341' is 0|DoesNotExist-->
@@ -36,7 +36,7 @@
   <OrganizationalSetting id="V-223381" ValueData="0" />
   <!-- Ensure 'V-223388.a' is 1|DoesNotExist-->
   <OrganizationalSetting id="V-223388.a" ValueData="1" />
-  <!-- Ensure 'V-223392' is 2|3|4-->
+  <!-- Ensure 'V-223392' is 3|4-->
   <OrganizationalSetting id="V-223392" ValueData="3" />
   <!-- Ensure 'V-223393' is 2|3|4-->
   <OrganizationalSetting id="V-223393" ValueData="3" />

source/StigData/Processed/Office-365ProPlus-2.8.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="MS_Office_365_ProPlus_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_Office_365_ProPlus_STIG_V2R6_Manual-xccdf.xml" releaseinfo="Release: 6 Benchmark Date: 27 Jul 2022 3.3.0.27375 1.10.0" title="Microsoft Office 365 ProPlus Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.6" created="8/23/2022">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="MS_Office_365_ProPlus_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_Office_365_ProPlus_STIG_V2R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Microsoft Office 365 ProPlus Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.8" created="2/3/2023">
   <DocumentRule dscresourcemodule="None">
     <Rule id="V-223296" severity="medium" conversionstatus="pass" title="SRG-APP-000207" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring this setting could allow malicious code or users to become active on user computers or the network. For example, a malicious user can monitor and then use keystrokes that user's type into Internet Explorer. Even legitimate add-ons may demand resources, compromising the performance of Internet Explorer and the operating systems for user computers.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@@ -743,14 +743,13 @@ If you enable this policy setting, you can choose from four options for determin
       <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security</Key>
       <LegacyId>V-99697</LegacyId>
       <OrganizationValueRequired>True</OrganizationValueRequired>
-      <OrganizationValueTestString>{0} is 2|3|4</OrganizationValueTestString>
-      <RawString>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Excel 2016 &gt;&gt; Application Settings &gt;&gt; Security &gt;&gt; Trust Center &gt;&gt; "VBA macro Notification Settings" is set to "Enabled" and "Disable all except digitally signed macros" from the Options. 
+      <OrganizationValueTestString>{0} is 3|4</OrganizationValueTestString>
+      <RawString>Verify the policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Excel 2016 &gt;&gt; Excel Options &gt;&gt; Security &gt;&gt; Trust Center &gt;&gt; "Macro Notification Settings" is set to "Enabled" and "Disable VBA macros except digitally signed macros" from the Options is selected.
 
 Use the Windows Registry Editor to navigate to the following key:
-
 HKCU\software\policies\Microsoft\office\16.0\excel\security
 
-If the value vbawarnings is REG_DWORD = 3, this is not a finding. Values of REG_DWORD = 2 or 4 are also acceptable. If the registry key does not exist or the value is REG_DWORD =1, this is a finding.</RawString>
+If the value vbawarnings is REG_DWORD = 3, this is not a finding. A value of REG_DWORD =  4 are also acceptable. If the registry key does not exist or is not configured properly, this is a finding.</RawString>
       <ValueData />
       <ValueName>vbawarnings</ValueName>
       <ValueType>Dword</ValueType>
@@ -1108,12 +1107,12 @@ Use the Windows Registry Editor to navigate to the following key:
 
 HKCU\software\policies\microsoft\office\16.0\excel\security\fileblock
 
-If the value for xl9597workbooksandtemplates is REG_DWORD = 2, this is not a finding.</RawString>
+If the value for xl95workbooks is REG_DWORD = 2, this is not a finding.</RawString>
       <ValueData>2</ValueData>
-      <ValueName>xl9597workbooksandtemplates</ValueName>
+      <ValueName>xl95workbooks</ValueName>
       <ValueType>Dword</ValueType>
     </Rule>
-    <Rule id="V-223324" severity="medium" conversionstatus="pass" title="SRG-APP-000207" dscresource="None">
+    <Rule id="V-223324" severity="medium" conversionstatus="pass" title="SRG-APP-000207" dscresource="RegistryPolicyFile">
       <Description>&lt;VulnDiscussion&gt;This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy setting, you can specify whether users can open, view, edit, or save files. The options that can be selected are below. Note: Not all options may be available for this policy setting.
 
 - Do not block: The file type will not be blocked.
@@ -1124,7 +1123,7 @@ If the value for xl9597workbooksandtemplates is REG_DWORD = 2, this is not a fin
 - Allow editing and open in Protected View: Both opening and saving of the file type will be blocked, and the option to edit will be enabled. 
 
 If you disable or do not configure this policy setting, the file type will not be blocked.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf>V-223323</DuplicateOf>
+      <DuplicateOf />
       <Ensure>Present</Ensure>
       <IsNullOrEmpty>False</IsNullOrEmpty>
       <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\excel\security\fileblock</Key>
@@ -2936,7 +2935,7 @@ Therefore, if you created a list of trusted publishers in a previous version of
       <Key>HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security</Key>
       <LegacyId>V-99861</LegacyId>
       <OrganizationValueRequired>True</OrganizationValueRequired>
-      <OrganizationValueTestString>{0} is 2|3|4</OrganizationValueTestString>
+      <OrganizationValueTestString>{0} is 3|4</OrganizationValueTestString>
       <RawString>Set policy value for User Configuration &gt;&gt; Administrative Templates &gt;&gt; Microsoft Publisher 2016 &gt;&gt; Security &gt;&gt; Trust Center &gt;&gt; VBA Macro Notification Settings &gt;&gt; VBA Macro Notification Settings to "Enabled" "Disable all except digitally signed macros"
  
 Use the Windows Registry Editor to navigate to the following key: 

source/StigData/Processed/RHEL-7-3.10.org.default.xml

@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="3.8">
+<OrganizationalSettings fullversion="3.10">
   <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of "difok" is set to less than "8", this is a finding." -->
   <OrganizationalSetting id="V-204411" ContainsLine="difok = 8" DoesNotContainPattern="#\s*difok\s*=.*|^\s*difok\s*=\s*(-|)[0-7]$" />
   <!-- Ensure that the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the value of "minclass" is set to less than "4", this is a finding." -->
@@ -38,6 +38,10 @@
   <OrganizationalSetting id="V-204576" Contents="* hard maxlogins 10" />
   <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/tmout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
   <OrganizationalSetting id="V-204579.b" ContainsLine="declare -xr TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/bashrc" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
+  <OrganizationalSetting id="V-204579.c" ContainsLine="declare -xr TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
+  <OrganizationalSetting id="V-204579.d" ContainsLine="declare -xr TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />
   <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If "ClientAliveInterval" has a value that is greater than "600" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding." -->
   <OrganizationalSetting id="V-204587" ContainsLine="ClientAliveInterval 600" DoesNotContainPattern="^\s*ClientAliveInterval\s*[0-5]?[0-9]?[0-9]?\s*$|^#\s*ClientAliveInterval.*|^\s*ClientAliveInterval\s*$" />
   <!-- Ensure the "Defaults timestamp_timeout=[value]" must be a number that is greater than or equal to "0" -->
@@ -46,4 +50,6 @@
   <OrganizationalSetting id="V-244557" ContainsLine="" DoesNotContainPattern="" />
   <!-- Ensure "set superusers =" is set to a unique name in /boot/efi/EFI/redhat/grub.cfg-->
   <OrganizationalSetting id="V-244558" ContainsLine="" DoesNotContainPattern="" />
+  <!-- Ensure Specify either tmux or screen depending on preference-->
+  <OrganizationalSetting id="V-255926" Name="" />
 </OrganizationalSettings>

source/StigData/Processed/Ubuntu-18.04-2.10.org.default.xml

@@ -5,7 +5,7 @@
     Each setting in this file is linked by STIG ID and the valid range is in an
     associated comment.
 -->
-<OrganizationalSettings fullversion="2.8">
+<OrganizationalSettings fullversion="2.9">
   <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the space_left_action parameter is set to "email" set the action_mail_acct parameter to an e-mail address for the System Administrator (SA) and Information System Security Officer (ISSO). If the space_left_action parameter is set to "exec", make sure the command being execute notifies the System Administrator (SA) and Information System Security Officer (ISSO).-->
   <OrganizationalSetting id="V-219152.a" ContainsLine="space_left_action = email" DoesNotContainPattern="^#\s*space_left_action.*" />
   <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: Set the space_left parameter to be, at least, 25% of the repository maximum audit record storage capacity. -->
@@ -34,7 +34,7 @@
   <OrganizationalSetting id="V-219226" ContainsLine="action_mail_acct = root" DoesNotContainPattern="#\s*action_mail_acct\s*=\s*root" />
   <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding. -->
   <OrganizationalSetting id="V-219227" ContainsLine="disk_full_action = HALT" DoesNotContainPattern="#\s*disk_full_action.*|^\s*disk_full_action\s*=\s*(?!HALT\b)\w+" />
-    <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "maxlogins" item is missing, or the value is not set to 10 or less, or is commented out, this is a finding." -->
+  <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the "maxlogins" item is missing, or the value is not set to 10 or less, or is commented out, this is a finding." -->
   <OrganizationalSetting id="V-219301" ContainsLine="* hard maxlogins 10" DoesNotContainPattern="^\s*\*\s*hard\s*maxlogins\s*([1][1-9]|[2-9]\d+|[1-9][0-9]\d+)$|^#\s*\*\s*hard\s*maxlogins." />
   <!-- Ensure the following statement is true when leveraging the correct nxFileLine ContainsLine format: "If the file "/etc/profile.d/autologout.sh" does not exist with the contents shown above, the value of "TMOUT" is greater than 900, or the timeout values are commented out, this is a finding.-->
   <OrganizationalSetting id="V-219303.b" ContainsLine="TMOUT=900" DoesNotContainPattern="^\s*TMOUT\s*=\s*[0-8]?[0-9]?[0-9]?$|^#\s*TMOUT.*" />

source/StigData/Processed/Ubuntu-18.04-2.10.xml

@@ -1,4 +1,4 @@
-<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="U_CAN_Ubuntu_18-04_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_CAN_Ubuntu_18-04_LTS_STIG_V2R8_Manual-xccdf.xml" releaseinfo="Release: 8 Benchmark Date: 27 Jul 2022 3.3.0.27375 1.10.0" title="Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.8" created="9/1/2022">
+<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="CAN_Ubuntu_18-04_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_CAN_Ubuntu_18-04_LTS_STIG_V2R10_Manual-xccdf.xml" releaseinfo="Release: 10 Benchmark Date: 26 Jan 2023 3.4.0.34222 1.10.0" title="Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.10" created="3/6/2023">
   <DocumentRule dscresourcemodule="None">
     <Rule id="V-219150" severity="medium" conversionstatus="pass" title="SRG-OS-000185-GPOS-00079" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive, when used for backups) within an operating system.
@@ -75,6 +75,46 @@ Check that the "AllowUnauthenticated" variable is not set at all or set to "fals
 /etc/apt/apt.conf.d/01-vendor-Ubuntu:APT::Get::AllowUnauthenticated "false";
 
 If any of the files returned from the command with "AllowUnauthenticated" set to "true", this is a finding.</RawString>
+    </Rule>
+    <Rule id="V-219159" severity="medium" conversionstatus="pass" title="SRG-OS-000191-GPOS-00080" dscresource="None">
+      <Description>&lt;VulnDiscussion&gt;Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws.
+
+To support this requirement, the Ubuntu operating system may have an integrated solution incorporating continuous scanning using HBSS and periodic scanning using other tools, as specified in the requirement.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DuplicateOf />
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>V-100545</LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>Check that the "mcafeetp" package has been installed:
+
+# dpkg -l | grep -i mcafeetp
+
+If the "mcafeetp" package is not installed, this is a finding.
+
+Check that the daemon is running:
+
+# /opt/McAfee/ens/tp/init/mfetpd-control.sh status
+
+If the daemon is not running, this is a finding.</RawString>
+    </Rule>
+    <Rule id="V-219163" severity="low" conversionstatus="pass" title="SRG-OS-000383-GPOS-00166" dscresource="None">
+      <Description>&lt;VulnDiscussion&gt;If cached authentication information is out-of-date, the validity of the authentication information may be questionable.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DuplicateOf />
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>V-100553</LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>If smart card authentication is not being used on the system this item is Not Applicable.
+
+Verify that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.
+
+Check that PAM prohibits the use of cached authentications after one day with the following command:
+
+# sudo grep offline_credentials_expiration /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf
+
+offline_credentials_expiration = 1
+
+If "offline_credentials_expiration" is not set to a value of "1", in /etc/sssd/sssd.conf or in a file with a name ending in .conf in the /etc/sssd/conf.d/ directory, this is a finding.</RawString>
     </Rule>
     <Rule id="V-219164" severity="low" conversionstatus="pass" title="SRG-OS-000480-GPOS-00226" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@@ -186,17 +226,21 @@ If the output does not contain "sha512", or it is commented out, this is a findi
     <Rule id="V-219188" severity="medium" conversionstatus="pass" title="SRG-OS-000205-GPOS-00083" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Any operating system providing too much information in error messages risks compromising the data and security of the structure, and content of error messages needs to be carefully considered by the organization.
 
-Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information, such as account numbers, social security numbers, and credit card numbers.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information, such as account numbers, social security numbers, and credit card numbers.
+
+The /var/log/btmp, /var/log/wtmp, and /var/log/lastlog files have group write and global read permissions to allow for the lastlog function to perform. Limiting the permissions beyond this configuration will result in the failure of functions that rely on the lastlog database.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
       <DuplicateOf />
       <IsNullOrEmpty>False</IsNullOrEmpty>
       <LegacyId>V-100603</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Verify the Ubuntu operating system has all system log files under the /var/log directory with a permission set to 640, by using the following command:
+      <RawString>Verify the Ubuntu operating system has all system log files under the /var/log directory with a permission set to "640", by using the following command:
 
-# sudo find /var/log -perm /137 -type f -exec stat -c "%n %a" {} \; 
+Note: The btmp, wtmp, and lastlog files are excluded. Refer to the Discussion for details.
 
-If command displays any output, this is a finding.</RawString>
+$ sudo find /var/log -perm /137 ! -name '*[bw]tmp' ! -name '*lastlog' -type f -exec stat -c "%n %a" {} \; 
+
+If the command displays any output, this is a finding.</RawString>
     </Rule>
     <Rule id="V-219194" severity="medium" conversionstatus="pass" title="SRG-OS-000206-GPOS-00084" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
@@ -259,6 +303,162 @@ Check that the "logout" target is not bound to an action with the following comm
 logout=''
 
 If the "logout" key is bound to an action, is commented out, or is missing, this is a finding.</RawString>
+    </Rule>
+    <Rule id="V-219228" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
+      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
+
+To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
+
+Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
+
+Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DuplicateOf />
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>V-100683</LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>Verify that the audit log files have a mode of "0600" or less permissive.
+
+First determine where the audit logs are stored with the following command:
+
+# sudo grep -iw log_file /etc/audit/auditd.conf
+log_file = /var/log/audit/audit.log
+
+Using the path of the directory containing the audit logs, check if the audit log files have a mode of "0600" or less by using the following command:
+
+# sudo stat -c "%n %a" /var/log/audit/*
+/var/log/audit/audit.log 600
+
+If the audit log files have a mode more permissive than "0600", this is a finding.</RawString>
+    </Rule>
+    <Rule id="V-219229" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
+      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
+
+To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
+
+Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
+
+Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DuplicateOf />
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>V-100685</LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>Verify that the audit log files are owned by "root" account.
+
+First determine where the audit logs are stored with the following command:
+
+# sudo grep -iw log_file /etc/audit/auditd.conf
+log_file = /var/log/audit/audit.log
+
+Using the path of the directory containing the audit logs, check if the audit log files are owned by the "root" user by using the following command:
+
+# sudo stat -c "%n %U" /var/log/audit/*
+/var/log/audit/audit.log root
+
+If the audit log files are owned by an user other than "root", this is a finding.</RawString>
+    </Rule>
+    <Rule id="V-219230" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
+      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
+
+To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
+
+Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
+
+Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DuplicateOf />
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>V-100687</LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>Verify that the audit log files are owned by "root" group.
+
+First determine where the audit logs are stored with the following command:
+
+# sudo grep -iw log_file /etc/audit/auditd.conf
+log_file = /var/log/audit/audit.log
+
+Using the path of the directory containing the audit logs, check if the audit log files are owned by the "root" group by using the following command:
+
+# sudo stat -c "%n %G" /var/log/audit/*
+/var/log/audit/audit.log root
+
+If the audit log files are owned by a group other than "root", this is a finding.</RawString>
+    </Rule>
+    <Rule id="V-219231" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
+      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
+
+To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
+
+Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DuplicateOf />
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>V-100689</LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>Verify that the audit log directory has a mode of "0750" or less permissive.
+
+First determine where the audit logs are stored with the following command:
+
+# sudo grep -iw log_file /etc/audit/auditd.conf
+log_file = /var/log/audit/audit.log
+
+Using the path of the directory containing the audit logs, check if the directory has a mode of "0750" or less by using the following command:
+
+# sudo stat -c "%n %a" /var/log/audit
+/var/log/audit 750
+
+If the audit log directory has a mode more permissive than "0750", this is a finding.</RawString>
+    </Rule>
+    <Rule id="V-219232" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
+      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
+
+To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
+
+Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DuplicateOf />
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>V-100691</LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>Verify that the audit log directory is owned by "root" account.
+
+First determine where the audit logs are stored with the following command:
+
+# sudo grep -iw log_file /etc/audit/auditd.conf
+log_file = /var/log/audit/audit.log
+
+Using the path of the directory containing the audit logs, check if the directory is owned by the "root" user by using the following command:
+
+# sudo stat -c "%n %U" /var/log/audit
+/var/log/audit root
+
+If the audit log directory is owned by an user other than "root", this is a finding.</RawString>
+    </Rule>
+    <Rule id="V-219233" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
+      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
+
+To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
+
+Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DuplicateOf />
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>V-100693</LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>Verify that the audit log directory is owned by "root" group.
+
+First determine where the audit logs are stored with the following command:
+
+# sudo grep -iw log_file /etc/audit/auditd.conf
+log_file = /var/log/audit/audit.log
+
+Using the path of the directory containing the audit logs, check if the directory is owned by the "root" group by using the following command:
+
+# sudo stat -c "%n %G" /var/log/audit
+/var/log/audit root
+
+If the audit log directory is owned by a group other than "root", this is a finding.</RawString>
     </Rule>
     <Rule id="V-219315" severity="medium" conversionstatus="pass" title="SRG-OS-000066-GPOS-00034" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Without path validation, an informed trust decision by the relying party cannot be made when presented with any certificate not already explicitly trusted.
@@ -292,17 +492,17 @@ If "cert_policy" is not set to "ca", or the line is commented out, this is a fin
       <LegacyId>V-100855</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Verify the Ubuntu operating system has the 'libpam-pkcs11’ package installed, by running the following command:
+      <RawString>Verify the Ubuntu operating system has the "libpam-pkcs11" package installed, by running the following command:
 
-# dpkg -l | grep libpam-pkcs11
+     # dpkg -l | grep libpam-pkcs11
 
 If "libpam-pkcs11" is not installed, this is a finding.
 
 Check if use_mappers is set to pwent in /etc/pam_pkcs11/pam_pkcs11.conf file
-# grep use_mappers /etc/pam_pkcs11/pam_pkcs11.conf
-use_mappers = pwent
+     # grep use_mappers /etc/pam_pkcs11/pam_pkcs11.conf
+     use_mappers = pwent
 
-If ‘use_mappers’ is not found or is not set to pwent this is a finding.</RawString>
+If "use_mappers" is not found, or is not set to "pwent", this is a finding.</RawString>
     </Rule>
     <Rule id="V-219320" severity="medium" conversionstatus="pass" title="SRG-OS-000377-GPOS-00162" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access.
@@ -341,6 +541,30 @@ Check the account inactivity value by performing the following command:
 INACTIVE=35
 
 If "INACTIVE" is not set to a value 0&lt;[VALUE]&lt;=35, or is commented out, this is a finding.</RawString>
+    </Rule>
+    <Rule id="V-219330" severity="medium" conversionstatus="pass" title="SRG-OS-000142-GPOS-00071" dscresource="None">
+      <Description>&lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. 
+
+Managing excess capacity ensures that sufficient capacity is available to counter flooding attacks. Employing increased capacity and service redundancy may reduce the susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DuplicateOf />
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>V-100883</LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>Verify the Ubuntu operating system is configured to use TCP syncookies.
+
+Check the value of TCP syncookies with the following command:
+
+# sysctl net.ipv4.tcp_syncookies
+net.ipv4.tcp_syncookies = 1
+
+If the value is not "1", this is a finding.
+
+Check the saved value of TCP syncookies with the following command:
+
+# sudo grep -i net.ipv4.tcp_syncookies /etc/sysctl.conf /etc/sysctl.d/* | grep -v '#'
+
+If no output is returned, this is a finding.</RawString>
     </Rule>
     <Rule id="V-219331" severity="medium" conversionstatus="pass" title="SRG-OS-000355-GPOS-00143" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
@@ -430,6 +654,31 @@ lo Link encap:Local Loopback
 
 If a wireless interface is configured and has not been documented and approved by the Information System Security Officer (ISSO), this is a finding.</RawString>
     </Rule>
+    <Rule id="V-255907" severity="low" conversionstatus="pass" title="SRG-OS-000138-GPOS-00069" dscresource="None">
+      <Description>&lt;VulnDiscussion&gt;Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a nonprivileged user.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DuplicateOf />
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>
+      </LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>Verify the operating system is configured to restrict access to the kernel message buffer with the following commands:
+
+     $ sudo sysctl kernel.dmesg_restrict
+     kernel.dmesg_restrict = 1
+
+If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding.
+
+Check that the configuration files are present to enable this kernel parameter:
+
+     $ sudo grep -r kernel.dmesg_restrict /run/sysctl.d/* /etc/sysctl.d/* /usr/local/lib/sysctl.d/* /usr/lib/sysctl.d/* /lib/sysctl.d/* /etc/sysctl.conf 2&gt; /dev/null
+     /etc/sysctl.conf:kernel.dmesg_restrict = 1
+     /etc/sysctl.d/99-sysctl.conf:kernel.dmesg_restrict = 1
+
+If "kernel.dmesg_restrict" is not set to "1", is missing or commented out, this is a finding.
+
+If conflicting results are returned, this is a finding.</RawString>
+    </Rule>
   </DocumentRule>
   <ManualRule dscresourcemodule="None">
     <Rule id="V-219147" severity="high" conversionstatus="pass" title="SRG-OS-000080-GPOS-00048" dscresource="None">
@@ -505,52 +754,6 @@ audit-offload
 Check if the script inside the file does offloading of audit logs to an external media.
 
 If the script file does not exist or if the script file doesn't offload audit logs, this is a finding.</RawString>
-    </Rule>
-    <Rule id="V-219162" severity="low" conversionstatus="pass" title="SRG-OS-000342-GPOS-00133" dscresource="None">
-      <Description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
-
-Off-loading is a common process in information systems with limited audit storage capacity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <LegacyId>V-100551</LegacyId>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
-      <RawString>Verify the audit event multiplexor is configured to off-load audit records to a different system or storage media from the system being audited.
-
-Check that audisp-remote plugin is installed:
-
-# sudo dpkg -s audispd-plugins
-
-If status is "not installed", verify that another method to off-load audit logs has been implemented.
-
-Check that the records are being off-loaded to a remote server with the following command:
-
-# sudo grep -i active /etc/audisp/plugins.d/au-remote.conf
-
-active = yes
-
-If "active" is not set to "yes", or the line is commented out, ask the System Administrator to indicate how the audit logs are off-loaded to a different system or storage media.
-
-If there is no evidence that the system is configured to off-load audit logs to a different system or storage media, this is a finding.</RawString>
-    </Rule>
-    <Rule id="V-219163" severity="low" conversionstatus="pass" title="SRG-OS-000383-GPOS-00166" dscresource="None">
-      <Description>&lt;VulnDiscussion&gt;If cached authentication information is out-of-date, the validity of the authentication information may be questionable.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <LegacyId>V-100553</LegacyId>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
-      <RawString>If smart card authentication is not being used on the system this item is Not Applicable.
-
-Verify that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day.
-
-Check that PAM prohibits the use of cached authentications after one day with the following command:
-
-# sudo grep offline_credentials_expiration /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf
-
-offline_credentials_expiration = 1
-
-If "offline_credentials_expiration" is not set to a value of "1", in /etc/sssd/sssd.conf or in a file with a name ending in .conf in the /etc/sssd/conf.d/ directory, this is a finding.</RawString>
     </Rule>
     <Rule id="V-219168" severity="medium" conversionstatus="pass" title="SRG-OS-000109-GPOS-00056" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;To assure individual accountability and prevent unauthorized access, organizational users must be individually identified and authenticated.
@@ -686,7 +889,7 @@ Check that the /var/log directory is owned by root with the following command:
 If the /var/log directory is not owned by root, this is a finding.</RawString>
     </Rule>
     <Rule id="V-219191" severity="medium" conversionstatus="pass" title="SRG-OS-000206-GPOS-00084" dscresource="None">
-      <Description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+      <Description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, personally identifiable information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
 The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
       <DuplicateOf />
@@ -694,15 +897,17 @@ The structure and content of error messages must be carefully considered by the
       <LegacyId>V-100609</LegacyId>
       <OrganizationValueRequired>False</OrganizationValueRequired>
       <OrganizationValueTestString />
-      <RawString>Verify that the Ubuntu operating system configures the /var/log directory with a mode of 750 or less permissive.
+      <RawString>Verify that the Ubuntu operating system configures the /var/log directory with a mode of "755" or less permissive.
 
 Check the mode of the /var/log directory with the following command:
 
-# stat -c "%n %a" /var/log
+Note: If rsyslog is active and enabled on the operating system, this requirement is not applicable.
 
-/var/log 750
+$ stat -c "%n %a" /var/log
 
-If a value of "750" or less permissive is not returned, this is a finding.</RawString>
+/var/log 755
+
+If a value of "755" or less permissive is not returned, this is a finding.</RawString>
     </Rule>
     <Rule id="V-219192" severity="medium" conversionstatus="pass" title="SRG-OS-000206-GPOS-00084" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
@@ -1050,162 +1255,6 @@ Loaded: masked (/dev/null; bad)
 Active: inactive (dead)
 
 If the "ctrl-alt-del.target" is not masked, this is a finding.</RawString>
-    </Rule>
-    <Rule id="V-219228" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
-      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
-
-To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
-
-Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
-
-Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <LegacyId>V-100683</LegacyId>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
-      <RawString>Verify that the audit log files have a mode of "0600" or less permissive.
-
-First determine where the audit logs are stored with the following command:
-
-# sudo grep -iw log_file /etc/audit/auditd.conf
-log_file = /var/log/audit/audit.log
-
-Using the path of the directory containing the audit logs, check if the audit log files have a mode of "0600" or less by using the following command:
-
-# sudo stat -c "%n %a" /var/log/audit/*
-/var/log/audit/audit.log 600
-
-If the audit log files have a mode more permissive than "0600", this is a finding.</RawString>
-    </Rule>
-    <Rule id="V-219229" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
-      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
-
-To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
-
-Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
-
-Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <LegacyId>V-100685</LegacyId>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
-      <RawString>Verify that the audit log files are owned by "root" account.
-
-First determine where the audit logs are stored with the following command:
-
-# sudo grep -iw log_file /etc/audit/auditd.conf
-log_file = /var/log/audit/audit.log
-
-Using the path of the directory containing the audit logs, check if the audit log files are owned by the "root" user by using the following command:
-
-# sudo stat -c "%n %U" /var/log/audit/*
-/var/log/audit/audit.log root
-
-If the audit log files are owned by an user other than "root", this is a finding.</RawString>
-    </Rule>
-    <Rule id="V-219230" severity="medium" conversionstatus="pass" title="SRG-OS-000058-GPOS-00028" dscresource="None">
-      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
-
-To ensure the veracity of audit information, the operating system must protect audit information from unauthorized modification.
-
-Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.
-
-Satisfies: SRG-OS-000058-GPOS-00028, SRG-OS-000057-GPOS-00027&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <LegacyId>V-100687</LegacyId>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
-      <RawString>Verify that the audit log files are owned by "root" group.
-
-First determine where the audit logs are stored with the following command:
-
-# sudo grep -iw log_file /etc/audit/auditd.conf
-log_file = /var/log/audit/audit.log
-
-Using the path of the directory containing the audit logs, check if the audit log files are owned by the "root" group by using the following command:
-
-# sudo stat -c "%n %G" /var/log/audit/*
-/var/log/audit/audit.log root
-
-If the audit log files are owned by a group other than "root", this is a finding.</RawString>
-    </Rule>
-    <Rule id="V-219231" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
-      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
-
-To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
-
-Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <LegacyId>V-100689</LegacyId>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
-      <RawString>Verify that the audit log directory has a mode of "0750" or less permissive.
-
-First determine where the audit logs are stored with the following command:
-
-# sudo grep -iw log_file /etc/audit/auditd.conf
-log_file = /var/log/audit/audit.log
-
-Using the path of the directory containing the audit logs, check if the directory has a mode of "0750" or less by using the following command:
-
-# sudo stat -c "%n %a" /var/log/audit
-/var/log/audit 750
-
-If the audit log directory has a mode more permissive than "0750", this is a finding.</RawString>
-    </Rule>
-    <Rule id="V-219232" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
-      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
-
-To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
-
-Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <LegacyId>V-100691</LegacyId>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
-      <RawString>Verify that the audit log directory is owned by "root" account.
-
-First determine where the audit logs are stored with the following command:
-
-# sudo grep -iw log_file /etc/audit/auditd.conf
-log_file = /var/log/audit/audit.log
-
-Using the path of the directory containing the audit logs, check if the directory is owned by the "root" user by using the following command:
-
-# sudo stat -c "%n %U" /var/log/audit
-/var/log/audit root
-
-If the audit log directory is owned by an user other than "root", this is a finding.</RawString>
-    </Rule>
-    <Rule id="V-219233" severity="medium" conversionstatus="pass" title="SRG-OS-000059-GPOS-00029" dscresource="None">
-      <Description>&lt;VulnDiscussion&gt;If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
-
-To ensure the veracity of audit information, the operating system must protect audit information from unauthorized deletion. This requirement can be achieved through multiple methods, which will depend upon system architecture and design.
-
-Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit information system activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <LegacyId>V-100693</LegacyId>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
-      <RawString>Verify that the audit log directory is owned by "root" group.
-
-First determine where the audit logs are stored with the following command:
-
-# sudo grep -iw log_file /etc/audit/auditd.conf
-log_file = /var/log/audit/audit.log
-
-Using the path of the directory containing the audit logs, check if the directory is owned by the "root" group by using the following command:
-
-# sudo stat -c "%n %G" /var/log/audit
-/var/log/audit root
-
-If the audit log directory is owned by a group other than "root", this is a finding.</RawString>
     </Rule>
     <Rule id="V-219234" severity="medium" conversionstatus="pass" title="SRG-OS-000063-GPOS-00032" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
@@ -1506,30 +1555,6 @@ Account expires : Aug 07, 2019
 
 Verify each of these accounts has an expiration date set within 72 hours of accounts' creation.
 If any temporary account does not expire within 72 hours of that account's creation, this is a finding.</RawString>
-    </Rule>
-    <Rule id="V-219330" severity="medium" conversionstatus="pass" title="SRG-OS-000142-GPOS-00071" dscresource="None">
-      <Description>&lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. 
-
-Managing excess capacity ensures that sufficient capacity is available to counter flooding attacks. Employing increased capacity and service redundancy may reduce the susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <LegacyId>V-100883</LegacyId>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
-      <RawString>Verify the Ubuntu operating system is configured to use TCP syncookies.
-
-Check the value of TCP syncookies with the following command:
-
-# sysctl net.ipv4.tcp_syncookies
-net.ipv4.tcp_syncookies = 1
-
-If the value is not "1", this is a finding.
-
-Check the saved value of TCP syncookies with the following command:
-
-# sudo grep -i net.ipv4.tcp_syncookies /etc/sysctl.conf /etc/sysctl.d/* | grep -v '#'
-
-If no output is returned, this is a finding.</RawString>
     </Rule>
     <Rule id="V-219332" severity="low" conversionstatus="pass" title="SRG-OS-000356-GPOS-00144" dscresource="None">
       <Description>&lt;VulnDiscussion&gt;Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events.
@@ -2046,6 +2071,37 @@ Check that APT is configured to remove all software components after updating wi
 Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
 If the "::Remove-Unused-Dependencies" and "::Remove-Unused-Kernel-Packages" parameters are not set to "true", or are missing, or are commented out, this is a finding.
 </RawString>
+    </Rule>
+    <Rule id="V-219162" severity="low" conversionstatus="pass" title="SRG-OS-000342-GPOS-00133" dscresource="None">
+      <ContainsLine>active = yes</ContainsLine>
+      <Description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+
+Off-loading is a common process in information systems with limited audit storage capacity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DoesNotContainPattern>\s*active\s*=\s*no|active=yes|#\s*active\s*=.*</DoesNotContainPattern>
+      <DuplicateOf>V-219153.b</DuplicateOf>
+      <FilePath>/etc/audisp/plugins.d/au-remote.conf</FilePath>
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>V-100551</LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString>
+      </OrganizationValueTestString>
+      <RawString>Verify the audit event multiplexor is configured to off-load audit records to a different system or storage media from the system being audited.
+
+Check that audisp-remote plugin is installed:
+
+# sudo dpkg -s audispd-plugins
+
+If status is "not installed", verify that another method to off-load audit logs has been implemented.
+
+Check that the records are being off-loaded to a remote server with the following command:
+
+# sudo grep -i active /etc/audisp/plugins.d/au-remote.conf
+
+active = yes
+
+If "active" is not set to "yes", or the line is commented out, ask the System Administrator to indicate how the audit logs are off-loaded to a different system or storage media.
+
+If there is no evidence that the system is configured to off-load audit logs to a different system or storage media, this is a finding.</RawString>
     </Rule>
     <Rule id="V-219167.a" severity="medium" conversionstatus="pass" title="SRG-OS-000024-GPOS-00007" dscresource="nxFileLine">
       <ContainsLine>[org/gnome/login-screen]</ContainsLine>
@@ -2176,7 +2232,7 @@ If the banner text does not match the Standard Mandatory DoD Notice and Consent
     <Rule id="V-219170.b" severity="medium" conversionstatus="pass" title="SRG-OS-000228-GPOS-00088" dscresource="nxFileLine">
       <ContainsLine>You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
 
-By using this IS (which includes any device attached to this IS), you consent to the following conditions.
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
 
 -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
 
@@ -2208,7 +2264,7 @@ By using this IS (which includes any device attached to this IS), you consent to
 -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
 
 Satisfies: SRG-OS-000228-GPOS-00088, SRG-OS-000023-GPOS-00006&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DoesNotContainPattern>#\s*You\s*are\s*accessing\s*a\s*U.S.\s*Government\s*(USG)\s*Information\s*System\s*(IS)\s*that\s*is\s*provided\s*for\s*USG-authorized\s*use\s*only.\s*By\s*using\s*this\s*IS\s*(which\s*includes\s*any\s*device\s*attached\s*to\s*this\s*IS),\s*you\s*consent\s*to\s*the\s*following\s*conditions.\s*-The\s*USG\s*routinely\s*intercepts\s*and\s*monitors\s*communications\s*on\s*this\s*IS\s*for\s*purposes\s*including,\s*but\s*not\s*limited\s*to,\s*penetration\s*testing,\s*COMSEC\s*monitoring,\s*network\s*operations\s*and\s*defense,\s*personnel\s*misconduct\s*(PM),\s*law\s*enforcement\s*(LE),\s*and\s*counterintelligence\s*(CI)\s*investigations.\s*-At\s*any\s*time,\s*the\s*USG\s*may\s*inspect\s*and\s*seize\s*data\s*stored\s*on\s*this\s*IS.\s*-Communications\s*using,\s*or\s*data\s*stored\s*on,\s*this\s*IS\s*are\s*not\s*private,\s*are\s*subject\s*to\s*routine\s*monitoring,\s*interception,\s*and\s*search,\s*and\s*may\s*be\s*disclosed\s*or\s*used\s*for\s*any\s*USG-authorized\s*purpose.\s*-This\s*IS\s*includes\s*security\s*measures\s*(e.g.,\s*authentication\s*and\s*access\s*controls)\s*to\s*protect\s*USG\s*interests--not\s*for\s*your\s*personal\s*benefit\s*or\s*privacy.\s*-Notwithstanding\s*the\s*above,\s*using\s*this\s*IS\s*does\s*not\s*constitute\s*consent\s*to\s*PM,\s*LE\s*or\s*CI\s*investigative\s*searching\s*or\s*monitoring\s*of\s*the\s*content\s*of\s*privileged\s*communications,\s*or\s*work\s*product,\s*related\s*to\s*personal\s*representation\s*or\s*services\s*by\s*attorneys,\s*psychotherapists,\s*or\s*clergy,\s*and\s*their\s*assistants.\s*Such\s*communications\s*and\s*work\s*product\s*are\s*private\s*and\s*confidential.\s*See\s*User\s*Agreement\s*for\s*details.</DoesNotContainPattern>
+      <DoesNotContainPattern>#\s*You\s*are\s*accessing\s*a\s*U.S.\s*Government\s*(USG)\s*Information\s*System\s*(IS)\s*that\s*is\s*provided\s*for\s*USG-authorized\s*use\s*only.\s*By\s*using\s*this\s*IS\s*(which\s*includes\s*any\s*device\s*attached\s*to\s*this\s*IS),\s*you\s*consent\s*to\s*the\s*following\s*conditions:\s*-The\s*USG\s*routinely\s*intercepts\s*and\s*monitors\s*communications\s*on\s*this\s*IS\s*for\s*purposes\s*including,\s*but\s*not\s*limited\s*to,\s*penetration\s*testing,\s*COMSEC\s*monitoring,\s*network\s*operations\s*and\s*defense,\s*personnel\s*misconduct\s*(PM),\s*law\s*enforcement\s*(LE),\s*and\s*counterintelligence\s*(CI)\s*investigations.\s*-At\s*any\s*time,\s*the\s*USG\s*may\s*inspect\s*and\s*seize\s*data\s*stored\s*on\s*this\s*IS.\s*-Communications\s*using,\s*or\s*data\s*stored\s*on,\s*this\s*IS\s*are\s*not\s*private,\s*are\s*subject\s*to\s*routine\s*monitoring,\s*interception,\s*and\s*search,\s*and\s*may\s*be\s*disclosed\s*or\s*used\s*for\s*any\s*USG-authorized\s*purpose.\s*-This\s*IS\s*includes\s*security\s*measures\s*(e.g.,\s*authentication\s*and\s*access\s*controls)\s*to\s*protect\s*USG\s*interests--not\s*for\s*your\s*personal\s*benefit\s*or\s*privacy.\s*-Notwithstanding\s*the\s*above,\s*using\s*this\s*IS\s*does\s*not\s*constitute\s*consent\s*to\s*PM,\s*LE\s*or\s*CI\s*investigative\s*searching\s*or\s*monitoring\s*of\s*the\s*content\s*of\s*privileged\s*communications,\s*or\s*work\s*product,\s*related\s*to\s*personal\s*representation\s*or\s*services\s*by\s*attorneys,\s*psychotherapists,\s*or\s*clergy,\s*and\s*their\s*assistants.\s*Such\s*communications\s*and\s*work\s*product\s*are\s*private\s*and\s*confidential.\s*See\s*User\s*Agreement\s*for\s*details.</DoesNotContainPattern>
       <DuplicateOf />
       <FilePath>/etc/issue</FilePath>
       <IsNullOrEmpty>False</IsNullOrEmpty>
@@ -2217,7 +2273,7 @@ Satisfies: SRG-OS-000228-GPOS-00088, SRG-OS-000023-GPOS-00006&lt;/VulnDiscussion
       <OrganizationValueTestString />
       <RawString>You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
 
-By using this IS (which includes any device attached to this IS), you consent to the following conditions.
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
 
 -The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
 
@@ -4506,6 +4562,26 @@ X11UseLocalhost yes
 
 If the "X11UseLocalhost" keyword is set to "no", is missing, or is commented out, this is a finding.</RawString>
     </Rule>
+    <Rule id="V-255906" severity="medium" conversionstatus="pass" title="SRG-OS-000250-GPOS-00093" dscresource="nxFileLine">
+      <ContainsLine>KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256</ContainsLine>
+      <Description>&lt;VulnDiscussion&gt;Without cryptographic integrity protections provided by FIPS-validated cryptographic algorithms, information can be viewed and altered by unauthorized users without detection.
+
+The system will attempt to use the first algorithm presented by the client that matches the server list. Listing the values "strongest to weakest" is a method to ensure the use of the strongest algorithm available to secure the SSH connection.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
+      <DoesNotContainPattern>#\s*KexAlgorithms\s*ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256</DoesNotContainPattern>
+      <DuplicateOf />
+      <FilePath>/etc/ssh/sshd_config</FilePath>
+      <IsNullOrEmpty>False</IsNullOrEmpty>
+      <LegacyId>
+      </LegacyId>
+      <OrganizationValueRequired>False</OrganizationValueRequired>
+      <OrganizationValueTestString />
+      <RawString>Verify that the SSH server is configured to use only FIPS-validated key exchange algorithms:
+
+     $ sudo grep -i kexalgorithms /etc/ssh/sshd_config
+     KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
+ 
+If "KexAlgorithms" is not configured, is commented out, or does not contain only the algorithms "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" in exact order, this is a finding.</RawString>
+    </Rule>
   </nxFileLineRule>
   <nxFileRule dscresourcemodule="nx">
     <Rule id="V-219303.a" severity="medium" conversionstatus="pass" title="SRG-OS-000029-GPOS-00010" dscresource="nxFile">
@@ -4631,29 +4707,6 @@ If a privileged user were to log on using this service, the privileged user pass
 # dpkg -l | grep rsh-server
 
 If the rsh-server package is installed, this is a finding.</RawString>
-    </Rule>
-    <Rule id="V-219159" severity="medium" conversionstatus="pass" title="SRG-OS-000191-GPOS-00080" dscresource="nxPackage">
-      <Description>&lt;VulnDiscussion&gt;Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws.
-
-To support this requirement, the Ubuntu operating system may have an integrated solution incorporating continuous scanning using HBSS and periodic scanning using other tools, as specified in the requirement.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</Description>
-      <DuplicateOf />
-      <Ensure>Present</Ensure>
-      <IsNullOrEmpty>False</IsNullOrEmpty>
-      <LegacyId>V-100545</LegacyId>
-      <Name>mfetp</Name>
-      <OrganizationValueRequired>False</OrganizationValueRequired>
-      <OrganizationValueTestString />
-      <RawString>Check that the "mfetp" package has been installed:
-
-# dpkg -l | grep mfetp
-
-If the "mfetp" package is not installed, this is a finding.
-
-Check that the daemon is running:
-
-# /opt/McAfee/ens/tp/init/mfetpd-control.sh status
-
-If the daemon is not running, this is a finding.</RawString>
     </Rule>
     <Rule id="V-219160.a" severity="medium" conversionstatus="pass" title="SRG-OS-000269-GPOS-00103" dscresource="nxPackage">
       <Description>&lt;VulnDiscussion&gt;Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. 
@@ -4990,14 +5043,17 @@ This requirement applies to the Ubuntu operating system performing security func
       <RawString>Verify that Advanced Intrusion Detection Environment (AIDE) is installed and verifies the correct operation of all security functions.
 
 Check that the AIDE package is installed with the following command:
-
-# sudo dpkg -l | grep aide
-
-aide/xenial,now 0.16~a2.git20130520-3 amd64 [installed]
+     $ sudo dpkg -l | grep aide 
+     ii   aide   0.16-3ubuntu0.1   amd64   Advanced Intrusion Detection Environment - static binary
 
 If AIDE is not installed, ask the System Administrator how file integrity checks are performed on the system. 
 
-If there is no application installed to perform integrity checks, this is a finding.</RawString>
+If there is no application installed to perform integrity checks, this is a finding.
+
+If AIDE is installed, check if it has been initialized with the following command:
+     $ sudo aide.wrapper --check
+
+If the output is "Couldn't open file /var/lib/aide/aide.db for reading", this is a finding.</RawString>
     </Rule>
   </nxPackageRule>
   <nxServiceRule dscresourcemodule="nx">

source/StigData/Processed/WindowsServer-2022-DC-1.1.org.default.xml

@@ -0,0 +1,95 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="1.1">
+  <!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
+  <OrganizationalSetting id="V-254248" ServiceName="" StartupType="" />
+  <!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
+  <OrganizationalSetting id="V-254265" ServiceName="" StartupType="" />
+  <!-- Ensure ''V-254343.b'' -match '1|3'-->
+  <OrganizationalSetting id="V-254343.b" ValueData="1" />
+  <!-- Ensure ''V-254344'' -match '1|3|8|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-254344" ValueData="8" />
+  <!-- Ensure ''V-254356'' -match '0|1'-->
+  <OrganizationalSetting id="V-254356" ValueData="1" />
+  <!-- Ensure ''V-254357'' -match '0|1|2|99|100'-->
+  <OrganizationalSetting id="V-254357" ValueData="100" />
+  <!-- Ensure ''V-254358'' -ge '32768'-->
+  <OrganizationalSetting id="V-254358" ValueData="32768" />
+  <!-- Ensure ''V-254359'' -ge '196608'-->
+  <OrganizationalSetting id="V-254359" ValueData="196608" />
+  <!-- Ensure ''V-254360'' -ge '32768'-->
+  <OrganizationalSetting id="V-254360" ValueData="32768" />
+  <!-- Ensure ''V-254387'' -le '600' -and ''V-254387'' -ne '0'-->
+  <OrganizationalSetting id="V-254387" PolicyValue="600" />
+  <!-- Ensure ''V-254388'' -le '10' -and ''V-254388'' -ne '0'-->
+  <OrganizationalSetting id="V-254388" PolicyValue="10" />
+  <!-- Ensure ''V-254389'' -le '7'-->
+  <OrganizationalSetting id="V-254389" PolicyValue="7" />
+  <!-- Ensure ''V-254390'' -le '5'-->
+  <OrganizationalSetting id="V-254390" PolicyValue="5" />
+  <!-- Ensure location for DoD Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254442.a" Location="" />
+  <!-- Ensure location for DoD Root CA 3 certificate is present-->
+  <OrganizationalSetting id="V-254442.b" Location="" />
+  <!-- Ensure location for DoD Root CA 4 certificate is present-->
+  <OrganizationalSetting id="V-254442.c" Location="" />
+  <!-- Ensure location for DoD Root CA 5 certificate is present-->
+  <OrganizationalSetting id="V-254442.d" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254443.a" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 1 certificate is present-->
+  <OrganizationalSetting id="V-254443.b" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254444.a" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254444.b" Location="" />
+  <!-- Ensure ''V-254454'' -le '30' -and ''V-254454'' -gt '0'-->
+  <OrganizationalSetting id="V-254454" ValueData="30" />
+  <!-- Ensure ''V-254456'' -le '900' -and ''V-254456'' -gt '0'-->
+  <OrganizationalSetting id="V-254456" ValueData="900" />
+  <!-- Ensure 'V-254457' is set to the required legal notice before logon-->
+  <OrganizationalSetting id="V-254457" ValueData="You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
+
+-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
+
+-At any time, the USG may inspect and seize data stored on this IS.
+
+-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
+
+-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
+
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." />
+  <!-- Ensure ''V-254458'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
+  <OrganizationalSetting id="V-254458" ValueData="DoD Notice and Consent Banner" />
+  <!-- Ensure ''V-254459'' -match '1|2'-->
+  <OrganizationalSetting id="V-254459" ValueData="1" />
+  <!-- Ensure ''V-254484'' -match '1|2'-->
+  <OrganizationalSetting id="V-254484" ValueData="1" />
+  <!-- Ensure ''V-254285'' -ge '15' -or ''V-254285'' -eq '0'-->
+  <OrganizationalSetting id="V-254285" PolicyValue="15" />
+  <!-- Ensure ''V-254286'' -le '3' -and ''V-254286'' -ne '0'-->
+  <OrganizationalSetting id="V-254286" PolicyValue="3" />
+  <!-- Ensure ''V-254287'' -ge '15'-->
+  <OrganizationalSetting id="V-254287" PolicyValue="15" />
+  <!-- Ensure ''V-254288'' -ge '24'-->
+  <OrganizationalSetting id="V-254288" PolicyValue="24" />
+  <!-- Ensure ''V-254289'' -le '60' -and ''V-254289'' -ne '0'-->
+  <OrganizationalSetting id="V-254289" PolicyValue="60" />
+  <!-- Ensure ''V-254290'' -ne '0'-->
+  <OrganizationalSetting id="V-254290" PolicyValue="1" />
+  <!-- Ensure ''V-254291'' -ge '14'-->
+  <OrganizationalSetting id="V-254291" PolicyValue="14" />
+  <!-- Ensure ''V-254447'' -ne 'Administrator'-->
+  <OrganizationalSetting id="V-254447" OptionValue="" />
+  <!-- Ensure ''V-254448'' -ne 'Guest'-->
+  <OrganizationalSetting id="V-254448" OptionValue="" />
+  <!-- Ensure ''V-254499'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
+  <OrganizationalSetting id="V-254499" Identity="Administrators" />
+</OrganizationalSettings>

source/StigData/Processed/WindowsServer-2022-MS-1.1.org.default.xml

@@ -0,0 +1,91 @@
+<!--
+    The organizational settings file is used to define the local organizations
+    preferred setting within an allowed range of the STIG.
+
+    Each setting in this file is linked by STIG ID and the valid range is in an
+    associated comment.
+-->
+<OrganizationalSettings fullversion="1.1">
+  <!-- Ensure ServiceName/StartupType is populated with correct AntiVirus service information-->
+  <OrganizationalSetting id="V-254248" ServiceName="" StartupType="" />
+  <!-- Ensure ServiceName/StartupType is populated with correct Firewall service information-->
+  <OrganizationalSetting id="V-254265" ServiceName="" StartupType="" />
+  <!-- Ensure ''V-254343.b'' -match '1|3'-->
+  <OrganizationalSetting id="V-254343.b" ValueData="1" />
+  <!-- Ensure ''V-254344'' -match '1|3|8|ShouldBeAbsent'-->
+  <OrganizationalSetting id="V-254344" ValueData="8" />
+  <!-- Ensure ''V-254356'' -match '0|1'-->
+  <OrganizationalSetting id="V-254356" ValueData="1" />
+  <!-- Ensure ''V-254357'' -match '0|1|2|99|100'-->
+  <OrganizationalSetting id="V-254357" ValueData="100" />
+  <!-- Ensure ''V-254358'' -ge '32768'-->
+  <OrganizationalSetting id="V-254358" ValueData="32768" />
+  <!-- Ensure ''V-254359'' -ge '196608'-->
+  <OrganizationalSetting id="V-254359" ValueData="196608" />
+  <!-- Ensure ''V-254360'' -ge '32768'-->
+  <OrganizationalSetting id="V-254360" ValueData="32768" />
+  <!-- Ensure ''V-254432'' -le '4'-->
+  <OrganizationalSetting id="V-254432" ValueData="4" />
+  <!-- Ensure location for DoD Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254442.a" Location="" />
+  <!-- Ensure location for DoD Root CA 3 certificate is present-->
+  <OrganizationalSetting id="V-254442.b" Location="" />
+  <!-- Ensure location for DoD Root CA 4 certificate is present-->
+  <OrganizationalSetting id="V-254442.c" Location="" />
+  <!-- Ensure location for DoD Root CA 5 certificate is present-->
+  <OrganizationalSetting id="V-254442.d" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254443.a" Location="" />
+  <!-- Ensure location for DoD Interoperability Root CA 1 certificate is present-->
+  <OrganizationalSetting id="V-254443.b" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254444.a" Location="" />
+  <!-- Ensure location for US DoD CCEB Interoperability Root CA 2 certificate is present-->
+  <OrganizationalSetting id="V-254444.b" Location="" />
+  <!-- Ensure ''V-254454'' -le '30' -and ''V-254454'' -gt '0'-->
+  <OrganizationalSetting id="V-254454" ValueData="30" />
+  <!-- Ensure ''V-254456'' -le '900' -and ''V-254456'' -gt '0'-->
+  <OrganizationalSetting id="V-254456" ValueData="900" />
+  <!-- Ensure 'V-254457' is set to the required legal notice before logon-->
+  <OrganizationalSetting id="V-254457" ValueData="You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+
+By using this IS (which includes any device attached to this IS), you consent to the following conditions:
+
+-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
+
+-At any time, the USG may inspect and seize data stored on this IS.
+
+-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
+
+-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
+
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details." />
+  <!-- Ensure ''V-254458'' -match '^(DoD Notice and Consent Banner|US Department of Defense Warning Statement)$'-->
+  <OrganizationalSetting id="V-254458" ValueData="DoD Notice and Consent Banner" />
+  <!-- Ensure ''V-254459'' -match '1|2'-->
+  <OrganizationalSetting id="V-254459" ValueData="1" />
+  <!-- Ensure ''V-254484'' -match '1|2'-->
+  <OrganizationalSetting id="V-254484" ValueData="1" />
+  <!-- Ensure ''V-254285'' -ge '15' -or ''V-254285'' -eq '0'-->
+  <OrganizationalSetting id="V-254285" PolicyValue="15" />
+  <!-- Ensure ''V-254286'' -le '3' -and ''V-254286'' -ne '0'-->
+  <OrganizationalSetting id="V-254286" PolicyValue="3" />
+  <!-- Ensure ''V-254287'' -ge '15'-->
+  <OrganizationalSetting id="V-254287" PolicyValue="15" />
+  <!-- Ensure ''V-254288'' -ge '24'-->
+  <OrganizationalSetting id="V-254288" PolicyValue="24" />
+  <!-- Ensure ''V-254289'' -le '60' -and ''V-254289'' -ne '0'-->
+  <OrganizationalSetting id="V-254289" PolicyValue="60" />
+  <!-- Ensure ''V-254290'' -ne '0'-->
+  <OrganizationalSetting id="V-254290" PolicyValue="1" />
+  <!-- Ensure ''V-254291'' -ge '14'-->
+  <OrganizationalSetting id="V-254291" PolicyValue="14" />
+  <!-- Ensure ''V-254435'' -match 'Enterprise Admins,Domain Admins,(Local account and member of Administrators group|Local account),Guests'-->
+  <OrganizationalSetting id="V-254435" Identity="Enterprise Admins,Domain Admins,Local account and member of Administrators group,Guests" />
+  <!-- Ensure ''V-254447'' -ne 'Administrator'-->
+  <OrganizationalSetting id="V-254447" OptionValue="" />
+  <!-- Ensure ''V-254448'' -ne 'Guest'-->
+  <OrganizationalSetting id="V-254448" OptionValue="" />
+  <!-- Ensure ''V-254499'' -match '^(Administrators,NT Virtual Machine\\Virtual Machines|Administrators)$'-->
+  <OrganizationalSetting id="V-254499" Identity="Administrators" />
+</OrganizationalSettings>