diff --git a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/ansible/shared.yml
index 13dbf9ec612f..6bb54d80f23d 100644
--- a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/ansible/shared.yml
@@ -6,7 +6,7 @@
 
 {{{ ansible_instantiate_variables("var_logind_session_timeout") }}}
 
-{{% if product in ["sle15", "sle16"] %}}
+{{% if product in ["rhel9", "rhel10", "sle15", "sle16"] %}}
 # create drop-in in the /etc/systemd/logind.conf.d/ directory
 {{% set logind_conf_file = "/etc/systemd/logind.conf.d/oscap-idle-sessions.conf" %}}
 {{% else %}}
diff --git a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/bash/shared.sh
index 72a2ca90de7e..72e3aa52ba40 100644
--- a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/bash/shared.sh
@@ -2,7 +2,7 @@
 
 {{{ bash_instantiate_variables("var_logind_session_timeout") }}}
 
-{{% if product in ["sle15", "sle16"] %}}
+{{% if product in ["rhel9", "rhel10", "sle15", "sle16"] %}}
 # create drop-in in the /etc/systemd/logind.conf.d/ directory
 {{% set logind_conf_file = "/etc/systemd/logind.conf.d/oscap-idle-sessions.conf" %}}
 {{% else %}}
diff --git a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/oval/shared.xml
index e4466d9b0c9b..80c8b6a55aa1 100644
--- a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/oval/shared.xml
@@ -1,4 +1,4 @@
-{{% if product in ["sle15", "sle16"] %}}
+{{% if product in ["rhel9", "rhel10", "sle15", "sle16"] %}}
 {{% set logind_conf_file = "/etc/systemd/logind.conf.d/" %}}
 {{% else %}}
 {{% set logind_conf_file = "/etc/systemd/logind.conf" %}}
@@ -6,7 +6,7 @@
 
 <def-group>
   <definition class="compliance" id="logind_session_timeout" version="1">
-    {{% if product in ["sle15", "sle16"] %}}
+    {{% if product in ["rhel9", "rhel10", "sle15", "sle16"] %}}
     {{{ oval_metadata("Ensure 'StopIdleSessionSec' is configured with desired value in section 'Login' in {{{ logind_conf_file }}}", rule_title=rule_title) }}}
     <criteria comment="logind is configured correctly and configuration file exists" operator="AND">
       <criterion comment="Check the StopIdleSessionSec in {{{ logind_conf_file }}}" test_ref="test_logind_session_timeout_drop_in"/>
diff --git a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/tests/common.sh b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/tests/common.sh
index 441b663d9240..f40b296ec76b 100644
--- a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/tests/common.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/tests/common.sh
@@ -3,7 +3,7 @@
 # this file prepares unified test environment used by other scenarios
 # These should be tuned per product to match defaults
 
-{{% if product in ["sle15", "sle16"] %}}
+{{% if product in ["rhel9", "rhel10", "sle15", "sle16"] %}}
 LOGIND_CONF_FILE="/etc/systemd/logind.conf.d/oscap-idle-sessions.conf"
 mkdir -p /etc/systemd/logind.conf.d/
 {{% else %}}
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
index 0faa359e3937..a8bf7416aa2e 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
@@ -11,6 +11,7 @@
       dest: /etc/systemd/system/emergency.service.d/10-oscap.conf
       block: |
         [Service]
+        ExecStart=
         ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
 {{% else %}}
 - name: Require emergency mode password
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
index a9995656d996..43dda82dea2f 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
@@ -16,6 +16,7 @@ sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default
 {{% if 'sle' in product or 'rhel' in product or product == 'fedora' or product == 'slmicro5' or 'ol' in families  %}}
 mkdir -p "${service_dropin_cfg_dir}"
 echo "[Service]" >> "${service_dropin_file}"
+echo "ExecStart=" >> "${service_dropin_file}"
 echo "ExecStart=-$sulogin" >> "${service_dropin_file}"
 {{% else %}}
 if grep "^ExecStart=.*" "$service_file" ; then
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
index 3a3bc5278b49..b5fe9798720c 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
@@ -28,6 +28,9 @@ references:
     stigid@ol7: OL07-00-021031
     stigid@ol8: OL08-00-010700
 
+identifiers:
+    cce@rhel9: CCE-86469-4
+
 ocil_clause: 'there is output'
 
 ocil: |-
diff --git a/products/rhel9/controls/stig_rhel9.yml b/products/rhel9/controls/stig_rhel9.yml
index 7007e84787f1..902c50ec108a 100644
--- a/products/rhel9/controls/stig_rhel9.yml
+++ b/products/rhel9/controls/stig_rhel9.yml
@@ -1303,7 +1303,7 @@ controls:
       title: All RHEL 9 world-writable directories must be owned by root, sys, bin, or an application
           user.
       rules:
-          - dir_perms_world_writable_root_owned
+          - dir_perms_world_writable_system_owned
       status: automated
 
     - id: RHEL-09-232245
@@ -2087,9 +2087,10 @@ controls:
     - id: RHEL-09-271065
       levels:
           - medium
-      title: RHEL 9 must automatically lock graphical user sessions after 15 minutes of inactivity.
+      title: RHEL 9 must automatically lock graphical user sessions after 10 minutes of inactivity.
       rules:
           - dconf_gnome_screensaver_idle_delay
+          - inactivity_timeout_value=10_minutes
       status: automated
 
     - id: RHEL-09-271070
@@ -2511,7 +2512,7 @@ controls:
       title: RHEL 9 must terminate idle user sessions.
       rules:
           - logind_session_timeout
-          - var_logind_session_timeout=15_minutes
+          - var_logind_session_timeout=10_minutes
       status: automated
 
     - id: RHEL-09-431010
@@ -3500,6 +3501,16 @@ controls:
           - audit_rules_privileged_commands_crontab
       status: automated
 
+    - id: RHEL-09-654097
+      levels:
+          - medium
+      title: RHEL 9 must audit any script or executable called by cron as root or by any privileged user.
+      rules:
+          - audit_rules_etc_cron_d
+          - audit_rules_var_spool_cron
+      status: automated
+
+
     - id: RHEL-09-654100
       levels:
           - medium
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index f1dff1792b67..a9080fc38054 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -3,7 +3,6 @@ CCE-86461-1
 CCE-86465-2
 CCE-86466-0
 CCE-86468-6
-CCE-86469-4
 CCE-86482-7
 CCE-86483-5
 CCE-86484-3
diff --git a/shared/references/disa-stig-rhel9-v2r6-xccdf-manual.xml b/shared/references/disa-stig-rhel9-v2r7-xccdf-manual.xml
similarity index 83%
rename from shared/references/disa-stig-rhel9-v2r6-xccdf-manual.xml
rename to shared/references/disa-stig-rhel9-v2r7-xccdf-manual.xml
index 8381fa5bfa40..b4685141b79d 100644
--- a/shared/references/disa-stig-rhel9-v2r6-xccdf-manual.xml
+++ b/shared/references/disa-stig-rhel9-v2r7-xccdf-manual.xml
@@ -1,10 +1,13 @@
-<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type='text/xsl' href='STIG_unclass.xsl'?><Benchmark xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd" id="RHEL_9_STIG" xml:lang="en" xmlns="http://checklists.nist.gov/xccdf/1.1"><status date="2025-08-20">accepted</status><title>Red Hat Enterprise Linux 9 Security Technical Implementation Guide</title><description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</description><notice id="terms-of-use" xml:lang="en"></notice><front-matter xml:lang="en"></front-matter><rear-matter xml:lang="en"></rear-matter><reference href="https://cyber.mil"><dc:publisher>DISA</dc:publisher><dc:source>STIG.DOD.MIL</dc:source></reference><plain-text id="release-info">Release: 6 Benchmark Date: 01 Oct 2025</plain-text><plain-text id="generator">3.5.1</plain-text><plain-text id="conventionsVersion">1.10.0</plain-text><version>2</version><Profile id="MAC-1_Classified"><title>I - Mission Critical Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258062" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258076" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /></Profile><Profile id="MAC-1_Public"><title>I - Mission Critical Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258062" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258076" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /></Profile><Profile id="MAC-1_Sensitive"><title>I - Mission Critical Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258062" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258076" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /></Profile><Profile id="MAC-2_Classified"><title>II - Mission Support Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258062" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258076" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /></Profile><Profile id="MAC-2_Public"><title>II - Mission Support Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258062" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258076" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /></Profile><Profile id="MAC-2_Sensitive"><title>II - Mission Support Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258062" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258076" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /></Profile><Profile id="MAC-3_Classified"><title>III - Administrative Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258062" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258076" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /></Profile><Profile id="MAC-3_Public"><title>III - Administrative Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258062" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258076" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /></Profile><Profile id="MAC-3_Sensitive"><title>III - Administrative Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258062" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258076" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /></Profile><Group id="V-257777"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257777r991589_rule" weight="10.0" severity="high"><version>RHEL-09-211010</version><title>RHEL 9 must be a vendor-supported release.</title><description>&lt;VulnDiscussion&gt;An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
+<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type='text/xsl' href='STIG_unclass.xsl'?><Benchmark xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd" id="RHEL_9_STIG" xml:lang="en" xmlns="http://checklists.nist.gov/xccdf/1.1"><status date="2025-11-24">accepted</status><title>Red Hat Enterprise Linux 9 Security Technical Implementation Guide</title><description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</description><notice id="terms-of-use" xml:lang="en"></notice><front-matter xml:lang="en"></front-matter><rear-matter xml:lang="en"></rear-matter><reference href="https://cyber.mil"><dc:publisher>DISA</dc:publisher><dc:source>STIG.DOD.MIL</dc:source></reference><plain-text id="release-info">Release: 7 Benchmark Date: 05 Jan 2026</plain-text><plain-text id="generator">3.5.2</plain-text><plain-text id="conventionsVersion">1.10.0</plain-text><version>2</version><Profile id="MAC-1_Classified"><title>I - Mission Critical Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /><select idref="V-279936" selected="true" /></Profile><Profile id="MAC-1_Public"><title>I - Mission Critical Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /><select idref="V-279936" selected="true" /></Profile><Profile id="MAC-1_Sensitive"><title>I - Mission Critical Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /><select idref="V-279936" selected="true" /></Profile><Profile id="MAC-2_Classified"><title>II - Mission Support Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /><select idref="V-279936" selected="true" /></Profile><Profile id="MAC-2_Public"><title>II - Mission Support Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /><select idref="V-279936" selected="true" /></Profile><Profile id="MAC-2_Sensitive"><title>II - Mission Support Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /><select idref="V-279936" selected="true" /></Profile><Profile id="MAC-3_Classified"><title>III - Administrative Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /><select idref="V-279936" selected="true" /></Profile><Profile id="MAC-3_Public"><title>III - Administrative Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /><select idref="V-279936" selected="true" /></Profile><Profile id="MAC-3_Sensitive"><title>III - Administrative Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-257777" selected="true" /><select idref="V-257778" selected="true" /><select idref="V-257779" selected="true" /><select idref="V-257781" selected="true" /><select idref="V-257782" selected="true" /><select idref="V-257783" selected="true" /><select idref="V-257784" selected="true" /><select idref="V-257785" selected="true" /><select idref="V-257786" selected="true" /><select idref="V-257787" selected="true" /><select idref="V-257788" selected="true" /><select idref="V-257789" selected="true" /><select idref="V-257790" selected="true" /><select idref="V-257791" selected="true" /><select idref="V-257792" selected="true" /><select idref="V-257793" selected="true" /><select idref="V-257794" selected="true" /><select idref="V-257795" selected="true" /><select idref="V-257796" selected="true" /><select idref="V-257797" selected="true" /><select idref="V-257798" selected="true" /><select idref="V-257799" selected="true" /><select idref="V-257800" selected="true" /><select idref="V-257801" selected="true" /><select idref="V-257802" selected="true" /><select idref="V-257803" selected="true" /><select idref="V-257804" selected="true" /><select idref="V-257805" selected="true" /><select idref="V-257806" selected="true" /><select idref="V-257807" selected="true" /><select idref="V-257808" selected="true" /><select idref="V-257809" selected="true" /><select idref="V-257810" selected="true" /><select idref="V-257811" selected="true" /><select idref="V-257812" selected="true" /><select idref="V-257813" selected="true" /><select idref="V-257814" selected="true" /><select idref="V-257815" selected="true" /><select idref="V-257816" selected="true" /><select idref="V-257817" selected="true" /><select idref="V-257818" selected="true" /><select idref="V-257819" selected="true" /><select idref="V-257820" selected="true" /><select idref="V-257821" selected="true" /><select idref="V-257822" selected="true" /><select idref="V-257823" selected="true" /><select idref="V-257824" selected="true" /><select idref="V-257825" selected="true" /><select idref="V-257826" selected="true" /><select idref="V-257827" selected="true" /><select idref="V-257828" selected="true" /><select idref="V-257829" selected="true" /><select idref="V-257830" selected="true" /><select idref="V-257831" selected="true" /><select idref="V-257832" selected="true" /><select idref="V-257833" selected="true" /><select idref="V-257834" selected="true" /><select idref="V-257835" selected="true" /><select idref="V-257836" selected="true" /><select idref="V-257837" selected="true" /><select idref="V-257838" selected="true" /><select idref="V-257839" selected="true" /><select idref="V-257840" selected="true" /><select idref="V-257841" selected="true" /><select idref="V-257842" selected="true" /><select idref="V-257843" selected="true" /><select idref="V-257844" selected="true" /><select idref="V-257845" selected="true" /><select idref="V-257846" selected="true" /><select idref="V-257847" selected="true" /><select idref="V-257848" selected="true" /><select idref="V-257849" selected="true" /><select idref="V-257850" selected="true" /><select idref="V-257851" selected="true" /><select idref="V-257852" selected="true" /><select idref="V-257854" selected="true" /><select idref="V-257855" selected="true" /><select idref="V-257856" selected="true" /><select idref="V-257857" selected="true" /><select idref="V-257858" selected="true" /><select idref="V-257859" selected="true" /><select idref="V-257860" selected="true" /><select idref="V-257861" selected="true" /><select idref="V-257862" selected="true" /><select idref="V-257863" selected="true" /><select idref="V-257864" selected="true" /><select idref="V-257865" selected="true" /><select idref="V-257866" selected="true" /><select idref="V-257867" selected="true" /><select idref="V-257868" selected="true" /><select idref="V-257869" selected="true" /><select idref="V-257870" selected="true" /><select idref="V-257871" selected="true" /><select idref="V-257872" selected="true" /><select idref="V-257873" selected="true" /><select idref="V-257874" selected="true" /><select idref="V-257875" selected="true" /><select idref="V-257876" selected="true" /><select idref="V-257877" selected="true" /><select idref="V-257878" selected="true" /><select idref="V-257879" selected="true" /><select idref="V-257880" selected="true" /><select idref="V-257881" selected="true" /><select idref="V-257882" selected="true" /><select idref="V-257883" selected="true" /><select idref="V-257884" selected="true" /><select idref="V-257885" selected="true" /><select idref="V-257886" selected="true" /><select idref="V-257887" selected="true" /><select idref="V-257888" selected="true" /><select idref="V-257889" selected="true" /><select idref="V-257890" selected="true" /><select idref="V-257891" selected="true" /><select idref="V-257892" selected="true" /><select idref="V-257893" selected="true" /><select idref="V-257894" selected="true" /><select idref="V-257895" selected="true" /><select idref="V-257896" selected="true" /><select idref="V-257897" selected="true" /><select idref="V-257898" selected="true" /><select idref="V-257899" selected="true" /><select idref="V-257900" selected="true" /><select idref="V-257901" selected="true" /><select idref="V-257902" selected="true" /><select idref="V-257903" selected="true" /><select idref="V-257904" selected="true" /><select idref="V-257905" selected="true" /><select idref="V-257906" selected="true" /><select idref="V-257907" selected="true" /><select idref="V-257908" selected="true" /><select idref="V-257909" selected="true" /><select idref="V-257910" selected="true" /><select idref="V-257911" selected="true" /><select idref="V-257912" selected="true" /><select idref="V-257913" selected="true" /><select idref="V-257914" selected="true" /><select idref="V-257915" selected="true" /><select idref="V-257916" selected="true" /><select idref="V-257917" selected="true" /><select idref="V-257918" selected="true" /><select idref="V-257919" selected="true" /><select idref="V-257920" selected="true" /><select idref="V-257921" selected="true" /><select idref="V-257922" selected="true" /><select idref="V-257923" selected="true" /><select idref="V-257924" selected="true" /><select idref="V-257925" selected="true" /><select idref="V-257926" selected="true" /><select idref="V-257927" selected="true" /><select idref="V-257928" selected="true" /><select idref="V-257929" selected="true" /><select idref="V-257930" selected="true" /><select idref="V-257931" selected="true" /><select idref="V-257932" selected="true" /><select idref="V-257934" selected="true" /><select idref="V-257935" selected="true" /><select idref="V-257936" selected="true" /><select idref="V-257937" selected="true" /><select idref="V-257939" selected="true" /><select idref="V-257940" selected="true" /><select idref="V-257941" selected="true" /><select idref="V-257942" selected="true" /><select idref="V-257943" selected="true" /><select idref="V-257944" selected="true" /><select idref="V-257945" selected="true" /><select idref="V-257946" selected="true" /><select idref="V-257947" selected="true" /><select idref="V-257948" selected="true" /><select idref="V-257949" selected="true" /><select idref="V-257950" selected="true" /><select idref="V-257951" selected="true" /><select idref="V-257953" selected="true" /><select idref="V-257954" selected="true" /><select idref="V-257955" selected="true" /><select idref="V-257956" selected="true" /><select idref="V-257957" selected="true" /><select idref="V-257958" selected="true" /><select idref="V-257959" selected="true" /><select idref="V-257960" selected="true" /><select idref="V-257961" selected="true" /><select idref="V-257962" selected="true" /><select idref="V-257963" selected="true" /><select idref="V-257964" selected="true" /><select idref="V-257965" selected="true" /><select idref="V-257966" selected="true" /><select idref="V-257967" selected="true" /><select idref="V-257968" selected="true" /><select idref="V-257969" selected="true" /><select idref="V-257970" selected="true" /><select idref="V-257971" selected="true" /><select idref="V-257972" selected="true" /><select idref="V-257973" selected="true" /><select idref="V-257974" selected="true" /><select idref="V-257975" selected="true" /><select idref="V-257976" selected="true" /><select idref="V-257977" selected="true" /><select idref="V-257978" selected="true" /><select idref="V-257979" selected="true" /><select idref="V-257980" selected="true" /><select idref="V-257981" selected="true" /><select idref="V-257982" selected="true" /><select idref="V-257983" selected="true" /><select idref="V-257984" selected="true" /><select idref="V-257985" selected="true" /><select idref="V-257986" selected="true" /><select idref="V-257989" selected="true" /><select idref="V-257991" selected="true" /><select idref="V-257992" selected="true" /><select idref="V-257993" selected="true" /><select idref="V-257994" selected="true" /><select idref="V-257995" selected="true" /><select idref="V-257996" selected="true" /><select idref="V-257997" selected="true" /><select idref="V-257998" selected="true" /><select idref="V-257999" selected="true" /><select idref="V-258000" selected="true" /><select idref="V-258001" selected="true" /><select idref="V-258002" selected="true" /><select idref="V-258003" selected="true" /><select idref="V-258004" selected="true" /><select idref="V-258005" selected="true" /><select idref="V-258006" selected="true" /><select idref="V-258007" selected="true" /><select idref="V-258008" selected="true" /><select idref="V-258009" selected="true" /><select idref="V-258011" selected="true" /><select idref="V-258012" selected="true" /><select idref="V-258013" selected="true" /><select idref="V-258014" selected="true" /><select idref="V-258015" selected="true" /><select idref="V-258016" selected="true" /><select idref="V-258017" selected="true" /><select idref="V-258018" selected="true" /><select idref="V-258019" selected="true" /><select idref="V-258020" selected="true" /><select idref="V-258021" selected="true" /><select idref="V-258022" selected="true" /><select idref="V-258023" selected="true" /><select idref="V-258024" selected="true" /><select idref="V-258025" selected="true" /><select idref="V-258026" selected="true" /><select idref="V-258027" selected="true" /><select idref="V-258028" selected="true" /><select idref="V-258029" selected="true" /><select idref="V-258030" selected="true" /><select idref="V-258031" selected="true" /><select idref="V-258032" selected="true" /><select idref="V-258033" selected="true" /><select idref="V-258034" selected="true" /><select idref="V-258035" selected="true" /><select idref="V-258036" selected="true" /><select idref="V-258037" selected="true" /><select idref="V-258038" selected="true" /><select idref="V-258039" selected="true" /><select idref="V-258040" selected="true" /><select idref="V-258041" selected="true" /><select idref="V-258042" selected="true" /><select idref="V-258043" selected="true" /><select idref="V-258044" selected="true" /><select idref="V-258045" selected="true" /><select idref="V-258046" selected="true" /><select idref="V-258047" selected="true" /><select idref="V-258048" selected="true" /><select idref="V-258049" selected="true" /><select idref="V-258050" selected="true" /><select idref="V-258051" selected="true" /><select idref="V-258052" selected="true" /><select idref="V-258053" selected="true" /><select idref="V-258054" selected="true" /><select idref="V-258055" selected="true" /><select idref="V-258056" selected="true" /><select idref="V-258057" selected="true" /><select idref="V-258058" selected="true" /><select idref="V-258059" selected="true" /><select idref="V-258060" selected="true" /><select idref="V-258061" selected="true" /><select idref="V-258068" selected="true" /><select idref="V-258069" selected="true" /><select idref="V-258070" selected="true" /><select idref="V-258071" selected="true" /><select idref="V-258072" selected="true" /><select idref="V-258073" selected="true" /><select idref="V-258074" selected="true" /><select idref="V-258075" selected="true" /><select idref="V-258077" selected="true" /><select idref="V-258078" selected="true" /><select idref="V-258079" selected="true" /><select idref="V-258080" selected="true" /><select idref="V-258081" selected="true" /><select idref="V-258082" selected="true" /><select idref="V-258083" selected="true" /><select idref="V-258084" selected="true" /><select idref="V-258085" selected="true" /><select idref="V-258086" selected="true" /><select idref="V-258087" selected="true" /><select idref="V-258088" selected="true" /><select idref="V-258089" selected="true" /><select idref="V-258090" selected="true" /><select idref="V-258091" selected="true" /><select idref="V-258094" selected="true" /><select idref="V-258095" selected="true" /><select idref="V-258096" selected="true" /><select idref="V-258097" selected="true" /><select idref="V-258098" selected="true" /><select idref="V-258099" selected="true" /><select idref="V-258100" selected="true" /><select idref="V-258101" selected="true" /><select idref="V-258102" selected="true" /><select idref="V-258103" selected="true" /><select idref="V-258104" selected="true" /><select idref="V-258105" selected="true" /><select idref="V-258106" selected="true" /><select idref="V-258107" selected="true" /><select idref="V-258109" selected="true" /><select idref="V-258110" selected="true" /><select idref="V-258111" selected="true" /><select idref="V-258112" selected="true" /><select idref="V-258113" selected="true" /><select idref="V-258114" selected="true" /><select idref="V-258115" selected="true" /><select idref="V-258116" selected="true" /><select idref="V-258117" selected="true" /><select idref="V-258118" selected="true" /><select idref="V-258120" selected="true" /><select idref="V-258121" selected="true" /><select idref="V-258122" selected="true" /><select idref="V-258123" selected="true" /><select idref="V-258124" selected="true" /><select idref="V-258125" selected="true" /><select idref="V-258126" selected="true" /><select idref="V-258127" selected="true" /><select idref="V-258128" selected="true" /><select idref="V-258129" selected="true" /><select idref="V-258131" selected="true" /><select idref="V-258132" selected="true" /><select idref="V-258133" selected="true" /><select idref="V-258134" selected="true" /><select idref="V-258135" selected="true" /><select idref="V-258136" selected="true" /><select idref="V-258137" selected="true" /><select idref="V-258138" selected="true" /><select idref="V-258139" selected="true" /><select idref="V-258140" selected="true" /><select idref="V-258141" selected="true" /><select idref="V-258142" selected="true" /><select idref="V-258143" selected="true" /><select idref="V-258144" selected="true" /><select idref="V-258146" selected="true" /><select idref="V-258147" selected="true" /><select idref="V-258148" selected="true" /><select idref="V-258149" selected="true" /><select idref="V-258150" selected="true" /><select idref="V-258151" selected="true" /><select idref="V-258152" selected="true" /><select idref="V-258153" selected="true" /><select idref="V-258154" selected="true" /><select idref="V-258155" selected="true" /><select idref="V-258156" selected="true" /><select idref="V-258157" selected="true" /><select idref="V-258158" selected="true" /><select idref="V-258159" selected="true" /><select idref="V-258160" selected="true" /><select idref="V-258161" selected="true" /><select idref="V-258162" selected="true" /><select idref="V-258163" selected="true" /><select idref="V-258164" selected="true" /><select idref="V-258165" selected="true" /><select idref="V-258166" selected="true" /><select idref="V-258167" selected="true" /><select idref="V-258168" selected="true" /><select idref="V-258169" selected="true" /><select idref="V-258170" selected="true" /><select idref="V-258171" selected="true" /><select idref="V-258173" selected="true" /><select idref="V-258174" selected="true" /><select idref="V-258175" selected="true" /><select idref="V-258176" selected="true" /><select idref="V-258177" selected="true" /><select idref="V-258178" selected="true" /><select idref="V-258179" selected="true" /><select idref="V-258180" selected="true" /><select idref="V-258181" selected="true" /><select idref="V-258182" selected="true" /><select idref="V-258183" selected="true" /><select idref="V-258184" selected="true" /><select idref="V-258185" selected="true" /><select idref="V-258186" selected="true" /><select idref="V-258187" selected="true" /><select idref="V-258188" selected="true" /><select idref="V-258189" selected="true" /><select idref="V-258190" selected="true" /><select idref="V-258191" selected="true" /><select idref="V-258192" selected="true" /><select idref="V-258193" selected="true" /><select idref="V-258194" selected="true" /><select idref="V-258195" selected="true" /><select idref="V-258196" selected="true" /><select idref="V-258197" selected="true" /><select idref="V-258198" selected="true" /><select idref="V-258199" selected="true" /><select idref="V-258200" selected="true" /><select idref="V-258201" selected="true" /><select idref="V-258202" selected="true" /><select idref="V-258203" selected="true" /><select idref="V-258204" selected="true" /><select idref="V-258205" selected="true" /><select idref="V-258206" selected="true" /><select idref="V-258207" selected="true" /><select idref="V-258208" selected="true" /><select idref="V-258209" selected="true" /><select idref="V-258210" selected="true" /><select idref="V-258211" selected="true" /><select idref="V-258212" selected="true" /><select idref="V-258213" selected="true" /><select idref="V-258214" selected="true" /><select idref="V-258215" selected="true" /><select idref="V-258216" selected="true" /><select idref="V-258217" selected="true" /><select idref="V-258218" selected="true" /><select idref="V-258219" selected="true" /><select idref="V-258220" selected="true" /><select idref="V-258221" selected="true" /><select idref="V-258222" selected="true" /><select idref="V-258223" selected="true" /><select idref="V-258224" selected="true" /><select idref="V-258225" selected="true" /><select idref="V-258227" selected="true" /><select idref="V-258228" selected="true" /><select idref="V-258229" selected="true" /><select idref="V-258230" selected="true" /><select idref="V-258231" selected="true" /><select idref="V-258232" selected="true" /><select idref="V-258233" selected="true" /><select idref="V-258234" selected="true" /><select idref="V-258236" selected="true" /><select idref="V-258241" selected="true" /><select idref="V-258242" selected="true" /><select idref="V-270174" selected="true" /><select idref="V-270175" selected="true" /><select idref="V-270176" selected="true" /><select idref="V-270177" selected="true" /><select idref="V-270178" selected="true" /><select idref="V-270180" selected="true" /><select idref="V-272488" selected="true" /><select idref="V-272496" selected="true" /><select idref="V-279936" selected="true" /></Profile><Group id="V-257777"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257777r1155676_rule" weight="10.0" severity="high"><version>RHEL-09-211010</version><title>RHEL 9 must be a vendor-supported release.</title><description>&lt;VulnDiscussion&gt;An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
 
-Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61442r925317_fix">Upgrade to a supported version of RHEL 9.</fixtext><fix id="F-61442r925317_fix" /><check system="C-61518r925316_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that the version or RHEL 9 is vendor supported with the following command:
+End Of Life dates for Red Hat Linux 9 releases are as follows:
+Current end of Full Support for Red Hat Linux 9 is 31 May 2027.
+Current end of Maintenance Support for Red Hat Linux 9 is 31 May 3032.
+Current end of Extended Life Cycle Support (ELS) for Red Hat Linux 9 is 31 May 2035.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61442r925317_fix">Upgrade to a supported version of RHEL 9.</fixtext><fix id="F-61442r925317_fix" /><check system="C-61518r1155675_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the version or RHEL 9 is vendor supported with the following command:
 
 $ cat /etc/redhat-release 
 
-Red Hat Enterprise Linux release 9.2 (Plow)
+Red Hat Enterprise Linux release 9.6 (Plow)
 
 If the installed version of RHEL 9 is not supported, this is a finding.</check-content></check></Rule></Group><Group id="V-257778"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257778r1134892_rule" weight="10.0" severity="medium"><version>RHEL-09-211015</version><title>RHEL 9 vendor packaged system security patches and updates must be installed and up to date.</title><description>&lt;VulnDiscussion&gt;Installing software updates is a fundamental mitigation against the exploitation of publicly known vulnerabilities. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61443r925320_fix">Install RHEL 9 security patches and updates at the organizationally defined frequency. If system updates are installed via a centralized repository that is configured on the system, all updates can be installed with the following command:
 
@@ -99,19 +102,24 @@ $ systemctl is-active systemd-journald
 
 active
 
-If the systemd-journald service is not active, this is a finding.</check-content></check></Rule></Group><Group id="V-257784"><title>SRG-OS-000324-GPOS-00125</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257784r1044832_rule" weight="10.0" severity="high"><version>RHEL-09-211045</version><title>The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled.</title><description>&lt;VulnDiscussion&gt;A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.
+If the systemd-journald service is not active, this is a finding.</check-content></check></Rule></Group><Group id="V-257784"><title>SRG-OS-000324-GPOS-00125</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257784r1155651_rule" weight="10.0" severity="high"><version>RHEL-09-211045</version><title>The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled.</title><description>&lt;VulnDiscussion&gt;A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.
 
-Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-61449r925338_fix">Configure the system to disable the CtrlAltDelBurstAction by added or modifying the following line in the "/etc/systemd/system.conf" configuration file:
+Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-61449r1155650_fix">Configure RHEL 9 to disable the CtrlAltDelBurstAction by adding it to a drop file in a "/etc/systemd/system.conf.d/" configuration file:
+
+If no drop file exists, create one with the following command:
+
+$ sudo mkdir -p /etc/systemd/system.conf.d &amp;&amp; sudo vi /etc/systemd/system.conf.d/55-CtrlAltDel-BurstAction
+
+Edit the file to contain the setting by adding the following text:
 
 CtrlAltDelBurstAction=none
 
 Reload the daemon for this change to take effect.
 
-$ sudo systemctl daemon-reload</fixtext><fix id="F-61449r925338_fix" /><check system="C-61525r925337_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to not reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command:
+$ sudo systemctl daemon-reload</fixtext><fix id="F-61449r1155650_fix" /><check system="C-61525r1155649_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to not reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command:
 
-$ grep -i ctrl /etc/systemd/system.conf
-
-CtrlAltDelBurstAction=none
+$ sudo grep -iR CtrlAltDelBurstAction /etc/systemd/system*
+/etc/systemd/system.conf.d/55-CtrlAltDel-BurstAction:CtrlAltDelBurstAction=none
 
 If the "CtrlAltDelBurstAction" is not set to "none", commented out, or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257785"><title>SRG-OS-000324-GPOS-00125</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257785r1044833_rule" weight="10.0" severity="high"><version>RHEL-09-211050</version><title>The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9.</title><description>&lt;VulnDiscussion&gt;A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.
 
@@ -139,7 +147,7 @@ debug-shell.service
 Loaded: masked (Reason: Unit debug-shell.service is masked.)
 Active: inactive (dead)
 
-If the "debug-shell.service" is loaded and not masked, this is a finding.</check-content></check></Rule></Group><Group id="V-257787"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257787r1117265_rule" weight="10.0" severity="medium"><version>RHEL-09-212010</version><title>RHEL 9 must require a boot loader superuser password.</title><description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
+If the "debug-shell.service" is loaded and not masked, this is a finding.</check-content></check></Rule></Group><Group id="V-257787"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257787r1137691_rule" weight="10.0" severity="medium"><version>RHEL-09-212010</version><title>RHEL 9 must require a boot loader superuser password.</title><description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
 
 Password protection on the boot loader configuration ensures users with physical access cannot trivially alter important bootloader settings. These include which kernel to use, and whether to enter single-user mode.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-61452r925347_fix">Configure RHEL 9 to require a grub bootloader password for the grub superuser account.
 
@@ -170,7 +178,7 @@ Check that the current GRUB 2 configuration disables the ability of systemd to s
 
 $ sudo grubby --info=ALL | grep args | grep 'systemd.confirm_spawn'
 
-If any output is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257789"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257789r1134895_rule" weight="10.0" severity="high"><version>RHEL-09-212020</version><title>RHEL 9 must require a unique superusers name upon booting into single-user and maintenance modes.</title><description>&lt;VulnDiscussion&gt;Having a nondefault grub superuser username makes password-guessing attacks less effective.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-61454r1134894_fix">Configure RHEL 9 to have a unique username for the grub superuser account.
+If any output is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257789"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257789r1137691_rule" weight="10.0" severity="high"><version>RHEL-09-212020</version><title>RHEL 9 must require a unique superusers name upon booting into single-user and maintenance modes.</title><description>&lt;VulnDiscussion&gt;Having a nondefault grub superuser username makes password-guessing attacks less effective.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-61454r1134894_fix">Configure RHEL 9 to have a unique username for the grub superuser account.
 
 Edit the "/etc/grub.d/01_users" file and add or modify the following lines with a nondefault username for the superuser account:
 
@@ -320,7 +328,7 @@ $ grep audit /etc/default/grub
 
 GRUB_CMDLINE_LINUX="audit=1"
 
-If "audit" is not set to "1", is missing, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-257797"><title>SRG-OS-000132-GPOS-00067</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257797r1117266_rule" weight="10.0" severity="medium"><version>RHEL-09-213010</version><title>RHEL 9 must restrict access to the kernel message buffer.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
+If "audit" is not set to "1", is missing, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-257797"><title>SRG-OS-000132-GPOS-00067</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257797r1155691_rule" weight="10.0" severity="medium"><version>RHEL-09-213010</version><title>RHEL 9 must restrict access to the kernel message buffer.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
 
 This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DOD or other government agencies.
 
@@ -328,7 +336,7 @@ There may be shared resources with configurable protections (e.g., files in stor
 
 Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a nonprivileged user.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -337,41 +345,25 @@ The sysctl --system command will load settings from all system configuration fil
 /lib/sysctl.d/*.conf
 /etc/sysctl.conf
 
-Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001082</ident><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-61462r1102065_fix">Configure RHEL 9 to restrict access to the kernel message buffer.
+Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001082</ident><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-61462r1155690_fix">Configure RHEL 9 to restrict access to the kernel message buffer.
 
-Add or edit the following line in a system configuration file, in the "/etc/sysctl.d/" directory:
+Create a drop-in if it does not already exist:
 
-kernel.dmesg_restrict = 1
+$ sudo vi /etc/sysctl.d/99-dmesg_restrict.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following to the file:
+kernel.dmesg_restrict = 1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61462r1102065_fix" /><check system="C-61538r1106424_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to restrict access to the kernel message buffer with the following commands:
+$ sudo sysctl --system</fixtext><fix id="F-61462r1155690_fix" /><check system="C-61538r1155689_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to restrict access to the kernel message buffer.
 
-Check the status of the kernel.dmesg_restrict kernel parameter.
+Check the status of the "kernel.dmesg_restrict" kernel parameter with the following command:
 
 $ sudo sysctl kernel.dmesg_restrict
-
 kernel.dmesg_restrict = 1
 
-If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding.
-
-Check that the configuration files are present to enable this kernel parameter.
-
-$ sudo grep -r kernel.dmesg_restrict /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf:kernel.dmesg_restrict = 1
-
-If "kernel.dmesg_restrict" is not set to "1", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257798"><title>SRG-OS-000132-GPOS-00067</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257798r1117266_rule" weight="10.0" severity="medium"><version>RHEL-09-213015</version><title>RHEL 9 must prevent kernel profiling by nonprivileged users.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
+If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257798"><title>SRG-OS-000132-GPOS-00067</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257798r1155694_rule" weight="10.0" severity="medium"><version>RHEL-09-213015</version><title>RHEL 9 must prevent kernel profiling by nonprivileged users.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
 
 This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DOD or other government agencies.
 
@@ -379,7 +371,7 @@ There may be shared resources with configurable protections (e.g., files in stor
 
 Setting the kernel.perf_event_paranoid kernel parameter to "2" prevents attackers from gaining additional system information as a nonprivileged user.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -388,45 +380,29 @@ The sysctl --system command will load settings from all system configuration fil
 /lib/sysctl.d/*.conf
 /etc/sysctl.conf
 
-Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001082</ident><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-61463r1102051_fix">Configure RHEL 9 to prevent kernel profiling by nonprivileged users.
+Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001082</ident><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-61463r1155693_fix">Configure RHEL 9 to prevent kernel profiling by nonprivileged users.
+
+Create a drop-in if it does not already exist:
 
-Add or edit the following line in a system configuration file, in the "/etc/sysctl.d/" directory:
+$ sudo vi /etc/sysctl.d/99-kernel_perf_event_paranoid.conf
 
+Add the following to the file:
 kernel.perf_event_paranoid = 2
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Reload settings from all system configuration files with the following command:
 
-Load settings from all system configuration files with the following command:
+$ sudo sysctl --system</fixtext><fix id="F-61463r1155693_fix" /><check system="C-61539r1155692_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to prevent kernel profiling by nonprivileged users.
 
-$ sudo sysctl --system</fixtext><fix id="F-61463r1102051_fix" /><check system="C-61539r1106426_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to prevent kernel profiling by nonprivileged users with the following commands:
-
-Check the status of the kernel.perf_event_paranoid kernel parameter.
+Check the status of the "kernel.perf_event_paranoid" kernel parameter.
 
 $ sudo sysctl kernel.perf_event_paranoid
-
 kernel.perf_event_paranoid = 2
 
-If "kernel.perf_event_paranoid" is not set to "2" or is missing, this is a finding.
-
-Check that the configuration files are present to enable this kernel parameter.
-
-$ sudo grep -r kernel.perf_event_paranoid /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf:kernel.perf_event_paranoid = 2
-
-If "kernel.perf_event_paranoid" is not set to "2", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257799"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257799r1106273_rule" weight="10.0" severity="medium"><version>RHEL-09-213020</version><title>RHEL 9 must prevent the loading of a new kernel for later execution.</title><description>&lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
+If "kernel.perf_event_paranoid" is not set to "2" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257799"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257799r1155697_rule" weight="10.0" severity="medium"><version>RHEL-09-213020</version><title>RHEL 9 must prevent the loading of a new kernel for later execution.</title><description>&lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
 
 Disabling kexec_load prevents an unsigned kernel image (that could be a windows kernel or modified vulnerable kernel) from being loaded. Kexec can be used subvert the entire secureboot process and should be avoided at all costs especially since it can load unsigned kernel images.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -435,41 +411,27 @@ The sysctl --system command will load settings from all system configuration fil
 /lib/sysctl.d/*.conf
 /etc/sysctl.conf
 
-Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000366-GPOS-00153&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-003992</ident><ident system="http://cyber.mil/cci">CCI-001749</ident><fixtext fixref="F-61464r1106272_fix">Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000366-GPOS-00153&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-003992</ident><ident system="http://cyber.mil/cci">CCI-001749</ident><fixtext fixref="F-61464r1155696_fix">Configure RHEL 9 to disable kernel image loading.
 
-kernel.kexec_load_disabled = 1
+Create a drop-in if it does not already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-Load settings from all system configuration files with the following command:
-
-$ sudo sysctl --system</fixtext><fix id="F-61464r1106272_fix" /><check system="C-61540r1106271_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to disable kernel image loading.
-
-Check the status of the kernel.kexec_load_disabled kernel parameter.
-
-$ sudo sysctl kernel.kexec_load_disabled
+$ sudo vi /etc/sysctl.d/99-kernel_kexec_load_disabled.conf
 
+Add the following to the file:
 kernel.kexec_load_disabled = 1
 
-If "kernel.kexec_load_disabled" is not set to "1" or is missing, this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this kernel parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61464r1155696_fix" /><check system="C-61540r1155695_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to disable kernel image loading.
 
-$ sudo grep -r kernel.kexec_load_disabled /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Check the status of the "kernel.kexec_load_disabled" kernel parameter with the following command:
 
-/etc/sysctl.d/99-sysctl.conf:kernel.kexec_load_disabled = 1
+$ sudo sysctl kernel.kexec_load_disabled
+kernel.kexec_load_disabled = 1
 
-If "kernel.kexec_load_disabled" is not set to "1", is missing, or commented out, this is a finding.
+If "kernel.kexec_load_disabled" is not set to "1" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257800"><title>SRG-OS-000132-GPOS-00067</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257800r1155700_rule" weight="10.0" severity="medium"><version>RHEL-09-213025</version><title>RHEL 9 must restrict exposed kernel pointer addresses access.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257800"><title>SRG-OS-000132-GPOS-00067</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257800r1117266_rule" weight="10.0" severity="medium"><version>RHEL-09-213025</version><title>RHEL 9 must restrict exposed kernel pointer addresses access.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
-
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -478,43 +440,31 @@ The sysctl --system command will load settings from all system configuration fil
 /lib/sysctl.d/*.conf
 /etc/sysctl.conf
 
-Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000433-GPOS-00192, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001082</ident><ident system="http://cyber.mil/cci">CCI-002824</ident><fixtext fixref="F-61465r1106275_fix">Configure RHEL 9 to restrict exposed kernel pointer addresses access by adding the following line to a file in the "/etc/sysctl.d" directory:
-
-kernel.kptr_restrict = 1
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000433-GPOS-00192, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001082</ident><ident system="http://cyber.mil/cci">CCI-002824</ident><fixtext fixref="F-61465r1155699_fix">Configure RHEL 9 to restrict exposed kernel pointer addresses access.
 
-$ sudo sysctl --system</fixtext><fix id="F-61465r1106275_fix" /><check system="C-61541r1106274_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 restricts exposed kernel pointer addresses access with the following commands:
+Create a drop-in if it does not already exist:
 
-$ sudo sysctl kernel.kptr_restrict
+$ sudo vi /etc/sysctl.d/99-kernel_kptr_restrict.conf
 
+Add the following to the file:
 kernel.kptr_restrict = 1
 
-If the returned line does not have a value of "1" or "2", or a line is not returned, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
+Reload settings from all system configuration files with the following command:
 
-$ sudo grep -r kernel.kptr_restrict /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+$ sudo sysctl --system</fixtext><fix id="F-61465r1155699_fix" /><check system="C-61541r1155698_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to restrict exposed kernel pointer address access.
 
-/etc/sysctl.d/99-sysctl.conf: kernel.kptr_restrict = 1
+Verify the runtime status of the "kernel.kptr_restrict" kernel parameter with the following command:
 
-If "kernel.kptr_restrict" is not set to "1" or "2", is missing, or commented out, this is a finding.
+$ sudo sysctl kernel.kptr_restrict 
+kernel.kptr_restrict = 1
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257801"><title>SRG-OS-000312-GPOS-00123</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257801r1106279_rule" weight="10.0" severity="medium"><version>RHEL-09-213030</version><title>RHEL 9 must enable kernel parameters to enforce discretionary access control on hardlinks.</title><description>&lt;VulnDiscussion&gt;Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
+If "kernel.kptr_restrict" is not set to "1" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257801"><title>SRG-OS-000312-GPOS-00123</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257801r1155703_rule" weight="10.0" severity="medium"><version>RHEL-09-213030</version><title>RHEL 9 must enable kernel parameters to enforce discretionary access control (DAC) on hardlinks.</title><description>&lt;VulnDiscussion&gt;DAC is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
 
 When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
 
 By enabling the fs.protected_hardlinks kernel parameter, users can no longer create soft or hard links to files they do not own. Disallowing such hardlinks mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -523,45 +473,31 @@ The sysctl --system command will load settings from all system configuration fil
 /lib/sysctl.d/*.conf
 /etc/sysctl.conf
 
-Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-61466r1106278_fix">Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
-
-fs.protected_hardlinks = 1
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-Load settings from all system configuration files with the following command:
+Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-61466r1155702_fix">Configure RHEL 9 to enable DAC on hardlinks.
 
-$ sudo sysctl --system</fixtext><fix id="F-61466r1106278_fix" /><check system="C-61542r1106277_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to enable DAC on hardlinks.
+Create a drop-in if it does not already exist:
 
-Check the status of the fs.protected_hardlinks kernel parameter.
-
-$ sudo sysctl fs.protected_hardlinks
+$ sudo vi /etc/sysctl.d/99-fs_protected_hardlinks.conf
 
+Add the following to the file:
 fs.protected_hardlinks = 1
 
-If "fs.protected_hardlinks" is not set to "1" or is missing, this is a finding.
-
-Check that the configuration files are present to enable this kernel parameter.
+Reload settings from all system configuration files with the following command:
 
-$ sudo grep -r fs.protected_hardlinks /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+$ sudo sysctl --system</fixtext><fix id="F-61466r1155702_fix" /><check system="C-61542r1155701_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to enable DAC on hardlinks.
 
-/etc/sysctl.d/99-sysctl.conf:fs.protected_hardlinks = 1
+Check the status of the "fs.protected_hardlinks" kernel parameter with the following command:
 
-If "fs.protected_hardlinks" is not set to "1", is missing, or commented out, this is a finding.
+$ sudo sysctl fs.protected_hardlinks
+fs.protected_hardlinks = 1
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257802"><title>SRG-OS-000312-GPOS-00123</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257802r1106282_rule" weight="10.0" severity="medium"><version>RHEL-09-213035</version><title>RHEL 9 must enable kernel parameters to enforce discretionary access control on symlinks.</title><description>&lt;VulnDiscussion&gt;Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
+If "fs.protected_hardlinks" is not set to "1" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257802"><title>SRG-OS-000312-GPOS-00123</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257802r1155706_rule" weight="10.0" severity="medium"><version>RHEL-09-213035</version><title>RHEL 9 must enable kernel parameters to enforce discretionary access (DAC) control on symlinks.</title><description>&lt;VulnDiscussion&gt;DAC is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
 
 When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
 
 By enabling the fs.protected_symlinks kernel parameter, symbolic links are permitted to be followed only when outside a sticky world-writable directory, or when the UID of the link and follower match, or when the directory owner matches the symlink's owner. Disallowing such symlinks helps mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -570,82 +506,52 @@ The sysctl --system command will load settings from all system configuration fil
 /lib/sysctl.d/*.conf
 /etc/sysctl.conf
 
-Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-61467r1106281_fix">Configure RHEL 9 to enable DAC on symlinks.
+Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-61467r1155705_fix">Configure RHEL 9 to enable DAC on symlinks with the following:
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a drop-in if it does not already exist:
 
-fs.protected_symlinks = 1
+$ sudo vi /etc/sysctl.d/99-fs_protected_symlinks.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following to the file:
+fs.protected_symlinks = 1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61467r1106281_fix" /><check system="C-61543r1106280_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to enable DAC on symlinks.
+$ sudo sysctl --system</fixtext><fix id="F-61467r1155705_fix" /><check system="C-61543r1155704_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to enable DAC on symlinks.
 
-Check the status of the fs.protected_symlinks kernel parameter.
+Check the status of the "fs.protected_symlinks" kernel parameter with the following command:
 
 $ sudo sysctl fs.protected_symlinks
-
 fs.protected_symlinks = 1
 
-If "fs.protected_symlinks" is not set to "1" or is missing, this is a finding.
-
-Check that the configuration files are present to enable this kernel parameter.
-
-$ sudo grep -r fs.protected_symlinks /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+If "fs.protected_symlinks" is not set to "1" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257803"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257803r1155668_rule" weight="10.0" severity="medium"><version>RHEL-09-213040</version><title>RHEL 9 must disable the kernel.core_pattern.</title><description>&lt;VulnDiscussion&gt;A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.
 
-/etc/sysctl.d/99-sysctl.conf:fs.protected_symlinks = 1
-
-If "fs.protected_symlinks" is not set to "1", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257803"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257803r1106429_rule" weight="10.0" severity="medium"><version>RHEL-09-213040</version><title>RHEL 9 must disable the kernel.core_pattern.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
-
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61468r1106428_fix">Configure RHEL 9 to disable storing core dumps.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61468r1155667_fix">Configure RHEL 9 to disable storing core dumps. 
+
+Create a drop-in if it does not already exist:
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+$ sudo vi /etc/sysctl.d/99-kernel_core_pattern.conf
 
+Add the following to the file:
 kernel.core_pattern = |/bin/false
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Reload settings from all system configuration files with the following command:
 
-The system configuration files must reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+$ sudo sysctl --system</fixtext><fix id="F-61468r1155667_fix" /><check system="C-61544r1155666_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 disables storing core dumps.
 
-$ sudo sysctl --system</fixtext><fix id="F-61468r1106428_fix" /><check system="C-61544r1106283_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 disables storing core dumps with the following commands:
+Check the status of the "kernel.core_pattern" kernel parameter with the following command:
 
 $ sudo sysctl kernel.core_pattern
-
 kernel.core_pattern = |/bin/false
 
-If the returned line does not have a value of "|/bin/false", or a line is not returned and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
-
-Check that the configuration files are present to enable this kernel parameter.
-
-$ sudo grep -r kernel.core_pattern /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf:kernel.core_pattern = |/bin/false
-
-If "kernel.core_pattern" is not set to "|/bin/false", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257804"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257804r1044853_rule" weight="10.0" severity="medium"><version>RHEL-09-213045</version><title>RHEL 9 must be configured to disable the Asynchronous Transfer Mode kernel module.</title><description>&lt;VulnDiscussion&gt;Disabling Asynchronous Transfer Mode (ATM) protects the system against exploitation of any flaws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-61469r925398_fix">To configure the system to prevent the atm kernel module from being loaded, add the following line to the file  /etc/modprobe.d/atm.conf (or create atm.conf if it does not exist):
+If "kernel.core_pattern" is not set to "|/bin/false", or a line is not returned and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-257804"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257804r1044853_rule" weight="10.0" severity="medium"><version>RHEL-09-213045</version><title>RHEL 9 must be configured to disable the Asynchronous Transfer Mode kernel module.</title><description>&lt;VulnDiscussion&gt;Disabling Asynchronous Transfer Mode (ATM) protects the system against exploitation of any flaws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-61469r925398_fix">To configure the system to prevent the atm kernel module from being loaded, add the following line to the file  /etc/modprobe.d/atm.conf (or create atm.conf if it does not exist):
 
 install atm /bin/false
 blacklist atm</fixtext><fix id="F-61469r925398_fix" /><check system="C-61545r1044852_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL 9 disables the ability to load the ATM kernel module with the following command:
@@ -703,11 +609,11 @@ $ grep -r tipc /etc/modprobe.conf /etc/modprobe.d/*
 install tipc /bin/false
 blacklist tipc
 
-If the command does not return any output, or the lines are commented out, and use of tipc is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-257809"><title>SRG-OS-000433-GPOS-00193</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257809r1106288_rule" weight="10.0" severity="medium"><version>RHEL-09-213070</version><title>RHEL 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
+If the command does not return any output, or the lines are commented out, and use of tipc is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-257809"><title>SRG-OS-000433-GPOS-00193</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257809r1155709_rule" weight="10.0" severity="medium"><version>RHEL-09-213070</version><title>RHEL 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
 
 Examples of attacks are buffer overflow attacks.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -716,41 +622,27 @@ The sysctl --system command will load settings from all system configuration fil
 /lib/sysctl.d/*.conf
 /etc/sysctl.conf
 
-Satisfies: SRG-OS-000433-GPOS-00193, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002824</ident><fixtext fixref="F-61474r1106287_fix">Configure RHEL 9 to implement virtual address space randomization.
+Satisfies: SRG-OS-000433-GPOS-00193, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002824</ident><fixtext fixref="F-61474r1155708_fix">Configure RHEL 9 to implement ASLR.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create the drop-in if it does not already exist:
 
-kernel.randomize_va_space=2
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-Issue the following command to make the changes take effect:
-
-$ sudo sysctl --system</fixtext><fix id="F-61474r1106287_fix" /><check system="C-61550r1106286_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 implements ASLR with the following command:
-
-$ sudo sysctl kernel.randomize_va_space
+$ sudo vi /etc/sysctl.d/99-kernel_randomize_va_space.conf
 
+Add the following line to the file:
 kernel.randomize_va_space = 2
 
-If "kernel.randomize_va_space" is not set to "2", this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this kernel parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61474r1155708_fix" /><check system="C-61550r1155707_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is implementing ASLR.
 
-$ sudo grep -r kernel.randomize_va_space /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Check the status of the "kernel.randomize_va_space" kernel parameter with the following command:
 
-/etc/sysctl.d/99-sysctl.conf:kernel.randomize_va_space = 2
+$ sudo sysctl kernel.randomize_va_space
+kernel.randomize_va_space = 2
 
-If "kernel.randomize_va_space" is not set to "2", is missing, or commented out, this is a finding.
+If "kernel.randomize_va_space" is not set to "2" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257810"><title>SRG-OS-000132-GPOS-00067</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257810r1155712_rule" weight="10.0" severity="medium"><version>RHEL-09-213075</version><title>RHEL 9 must disable access to network bpf system call from nonprivileged processes.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257810"><title>SRG-OS-000132-GPOS-00067</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257810r1117266_rule" weight="10.0" severity="medium"><version>RHEL-09-213075</version><title>RHEL 9 must disable access to network bpf system call from nonprivileged processes.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
-
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -759,37 +651,25 @@ The sysctl --system command will load settings from all system configuration fil
 /lib/sysctl.d/*.conf
 /etc/sysctl.conf
 
-Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001082</ident><fixtext fixref="F-61475r1106430_fix">Configure RHEL 9 to prevent privilege escalation through the kernel by disabling access to the bpf syscall by adding the following line to a file in the "/etc/sysctl.d" directory:
-
-kernel.unprivileged_bpf_disabled = 1
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001082</ident><fixtext fixref="F-61475r1155711_fix">Configure RHEL 9 to prevent privilege escalation through the kernel by disabling access to the bpf system call.
 
-$ sudo sysctl --system</fixtext><fix id="F-61475r1106430_fix" /><check system="C-61551r1106289_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 prevents privilege escalation through the kernel by disabling access to the bpf syscall with the following commands:
+Create the drop-in file if it does not already exist:
 
-$ sudo sysctl kernel.unprivileged_bpf_disabled
+$ sudo vi /etc/sysctl.d/99-kernel_unprivileged_bpf_disabled.conf
 
+Add the following line to the file:
 kernel.unprivileged_bpf_disabled = 1
 
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this network parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61475r1155711_fix" /><check system="C-61551r1155710_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 prevents privilege escalation through the kernel by disabling access to the bpf system call.
 
-$ sudo grep -r kernel.unprivileged_bpf_disabled /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Check the status of the "kernel.unprivileged_bpf_disabled" kernel parameter with the following command:
 
-/etc/sysctl.d/99-sysctl.conf: kernel.unprivileged_bpf_disabled = 1
-
-If "kernel.unprivileged_bpf_disabled" is not set to "1", is missing, or commented out, this is a finding.
+$ sysctl kernel.unprivileged_bpf_disabled
+kernel.unprivileged_bpf_disabled = 1
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257811"><title>SRG-OS-000132-GPOS-00067</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257811r1117266_rule" weight="10.0" severity="medium"><version>RHEL-09-213080</version><title>RHEL 9 must restrict usage of ptrace to descendant processes.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If "kernel.unprivileged_bpf_disabled" is not set to "1", or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257811"><title>SRG-OS-000132-GPOS-00067</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257811r1155674_rule" weight="10.0" severity="medium"><version>RHEL-09-213080</version><title>RHEL 9 must restrict usage of ptrace to descendant processes.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
 The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
@@ -800,37 +680,25 @@ The sysctl --system command will load settings from all system configuration fil
 /lib/sysctl.d/*.conf
 /etc/sysctl.conf
 
-Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001082</ident><fixtext fixref="F-61476r1106432_fix">Configure RHEL 9 to restrict usage of ptrace to descendant processes by adding the following line to a file in the "/etc/sysctl.d" directory:
+Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001082</ident><fixtext fixref="F-61476r1155673_fix">Configure RHEL 9 to restrict the usage of ptrace to descendant processes.
 
-kernel.yama.ptrace_scope = 1
+Create the drop-in if it doesn't already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
-
-$ sudo sysctl --system</fixtext><fix id="F-61476r1106432_fix" /><check system="C-61552r1106292_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 restricts usage of ptrace to descendant processes with the following commands:
-
-$ sudo sysctl kernel.yama.ptrace_scope
+$ sudo vi /etc/sysctl.d/99-kernel_yama.ptrace_scope.conf
 
+Add the following line to the file:
 kernel.yama.ptrace_scope = 1
 
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this network parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61476r1155673_fix" /><check system="C-61552r1155672_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 restricts the usage of ptrace to descendant processes.
 
-$ sudo grep -r kernel.yama.ptrace_scope /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Check the status of the "kernel.yama.ptrace_scope" kernel parameter with the following command:
 
-/etc/sysctl.d/99-sysctl.conf: kernel.yama.ptrace_scope = 1
-
-If "kernel.yama.ptrace_scope" is not set to "1", is missing, or commented out, this is a finding.
+$ sysctl kernel.yama.ptrace_scope
+kernel.yama.ptrace_scope = 1
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257812"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257812r1134897_rule" weight="10.0" severity="medium"><version>RHEL-09-213085</version><title>RHEL 9 must disable core dump backtraces.</title><description>&lt;VulnDiscussion&gt;A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers or system operators trying to debug problems.
+If the network parameter "kernel.yama.ptrace_scope" is not equal to "1", or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257812"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257812r1134897_rule" weight="10.0" severity="medium"><version>RHEL-09-213085</version><title>RHEL 9 must disable core dump backtraces.</title><description>&lt;VulnDiscussion&gt;A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers or system operators trying to debug problems.
 
 Enabling core dumps on production systems is not recommended; however, there may be overriding operational requirements to enable advanced debugging. Permitting temporary enablement of core dumps during such situations must be reviewed through local needs and policy.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61477r925422_fix">Configure the operating system to disable core dump backtraces.
 
@@ -856,21 +724,25 @@ $ grep -i storage /etc/systemd/coredump.conf
 
 Storage=none
 
-If the "Storage" item is missing or commented out, or the value is anything other than "none", and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement for all domains that have the "core" item assigned, this is a finding.</check-content></check></Rule></Group><Group id="V-257814"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257814r1134901_rule" weight="10.0" severity="medium"><version>RHEL-09-213095</version><title>RHEL 9 must disable core dumps for all users.</title><description>&lt;VulnDiscussion&gt;A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61479r925428_fix">Configure the operating system to disable core dumps for all users.
+If the "Storage" item is missing or commented out, or the value is anything other than "none", and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement for all domains that have the "core" item assigned, this is a finding.</check-content></check></Rule></Group><Group id="V-257814"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257814r1156057_rule" weight="10.0" severity="medium"><version>RHEL-09-213095</version><title>RHEL 9 must disable core dumps for all users.</title><description>&lt;VulnDiscussion&gt;A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61479r1155592_fix">Configure RHEL 9 to disable core dumps for all users.
 
 Add the following line to the top of the /etc/security/limits.conf or in a single ".conf" file defined in /etc/security/limits.d/:
 
-* hard core 0</fixtext><fix id="F-61479r925428_fix" /><check system="C-61555r1134900_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: If kernel dumps are disabled in accordance with RHEL-09-213040, this requirement is not applicable.
+* hard core 0
+
+Remove or comment out any entries for users or groups with a value set to anything other than "0".</fixtext><fix id="F-61479r1155592_fix" /><check system="C-61555r1156056_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: If kernel dumps are disabled in accordance with RHEL-09-213040, this requirement is not applicable.
 
 Verify RHEL 9 disables core dumps for all users by issuing the following command:
 
-$ grep -r -s core /etc/security/limits.conf /etc/security/limits.d/*.conf
+$ grep -rs core /etc/security/limits.conf /etc/security/limits.d/*.conf
 
 /etc/security/limits.conf:* hard core 0
 
 This can be set as a global domain (with the * wildcard) but may be set differently for multiple domains.
 
-If the "core" item is missing or commented out, or the value is anything other than "0", and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement for all domains that have the "core" item assigned, this is a finding.</check-content></check></Rule></Group><Group id="V-257815"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257815r1134903_rule" weight="10.0" severity="medium"><version>RHEL-09-213100</version><title>RHEL 9 must disable acquiring, saving, and processing core dumps.</title><description>&lt;VulnDiscussion&gt;A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61480r925431_fix">Configure the system to disable the systemd-coredump.socket with the following command:
+If the "core" item is missing or commented out, or the value is anything other than "0", and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement for all domains that have the "core" item assigned, this is a finding.
+
+If entries exist for users or groups with a value set to anything other than "0", this is a finding.</check-content></check></Rule></Group><Group id="V-257815"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257815r1134903_rule" weight="10.0" severity="medium"><version>RHEL-09-213100</version><title>RHEL 9 must disable acquiring, saving, and processing core dumps.</title><description>&lt;VulnDiscussion&gt;A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61480r925431_fix">Configure the system to disable the systemd-coredump.socket with the following command:
 
 $ sudo systemctl mask --now systemd-coredump.socket
 
@@ -888,46 +760,36 @@ systemd-coredump.socket
 Loaded: masked (Reason: Unit systemd-coredump.socket is masked.)
 Active: inactive (dead)
 
-If the "systemd-coredump.socket" is loaded and not masked, and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-257816"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257816r1106435_rule" weight="10.0" severity="medium"><version>RHEL-09-213105</version><title>RHEL 9 must disable the use of user namespaces.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the "systemd-coredump.socket" is loaded and not masked, and the need for core dumps is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-257816"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257816r1155715_rule" weight="10.0" severity="medium"><version>RHEL-09-213105</version><title>RHEL 9 must disable the use of user namespaces.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61481r1106434_fix">Configure RHEL 9 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d" directory:
-
-user.max_user_namespaces = 0
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61481r1155714_fix">Configure RHEL 9 to disable the use of user namespaces.
 
-The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+Create the drop-in if it does not already exist:
 
-$ sudo sysctl --system</fixtext><fix id="F-61481r1106434_fix" /><check system="C-61557r1106295_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 disables the use of user namespaces with the following commands:
+$ sudo vi /etc/sysctl.d/99-user_max_user_namespaces.conf
 
-$ sudo sysctl user.max_user_namespaces
+Add the following line to the file:
 
 user.max_user_namespaces = 0
 
-If the returned line does not have a value of "0", or a line is not returned, this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this network parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61481r1155714_fix" /><check system="C-61557r1155713_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 disables the use of user namespaces.
 
-$ sudo grep -r user.max_user_namespaces /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Check the status of the "user.max_user_namespaces" parameter with the following command:
 
-/etc/sysctl.d/99-sysctl.conf: user.max_user_namespaces = 0
+$ sudo sysctl user.max_user_namespaces
 
-If "user.max_user_namespaces" is not set to "0", is missing, or commented out, this is a finding.
+user.max_user_namespaces = 0
 
-If conflicting results are returned, this is a finding.
+If "user.max_user_namespaces" is not set to "0" or is missing, this is a finding.
 
 If the use of namespaces is operationally required and documented with the information system security manager (ISSM), it is not a finding.</check-content></check></Rule></Group><Group id="V-257817"><title>SRG-OS-000433-GPOS-00192</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257817r1069383_rule" weight="10.0" severity="medium"><version>RHEL-09-213110</version><title>RHEL 9 must implement nonexecutable data to protect its memory from unauthorized code execution.</title><description>&lt;VulnDiscussion&gt;ExecShield uses the segmentation feature on all x86 systems to prevent execution in memory higher than a certain address. It writes an address as a limit in the code segment descriptor, to control where code can be executed, on a per-process basis. When the kernel places a process's memory regions such as the stack and heap higher than this address, the hardware prevents execution in that address range. This is enabled by default on the latest Red Hat and Fedora systems if supported by the hardware.
 
@@ -1048,19 +910,22 @@ localpkg_gpgcheck=1
 
 If "localpkg_gpgcheck" is not set to "1", or if the option is missing or commented out, ask the system administrator how the GPG signatures of local software packages are being verified.
 
-If there is no process to verify GPG signatures that is approved by the organization, this is a finding.</check-content></check></Rule></Group><Group id="V-257822"><title>SRG-OS-000366-GPOS-00153</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257822r1044880_rule" weight="10.0" severity="high"><version>RHEL-09-214025</version><title>RHEL 9 must have GPG signature verification enabled for all software repositories.</title><description>&lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
+If there is no process to verify GPG signatures that is approved by the organization, this is a finding.</check-content></check></Rule></Group><Group id="V-257822"><title>SRG-OS-000366-GPOS-00153</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257822r1155615_rule" weight="10.0" severity="high"><version>RHEL-09-214025</version><title>RHEL 9 must have GPG signature verification enabled for all software repositories.</title><description>&lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
 
 All software packages must be signed with a cryptographic key recognized and approved by the organization.
 
 Verifying the authenticity of software prior to installation validates the integrity of the software package received from a vendor. This verifies the software has not been tampered with and that it has been provided by a trusted vendor.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-003992</ident><ident system="http://cyber.mil/cci">CCI-001749</ident><fixtext fixref="F-61487r925452_fix">Configure all software repositories defined in "/etc/yum.repos.d/" to have "gpgcheck" enabled:
 
-$ sudo sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*</fixtext><fix id="F-61487r925452_fix" /><check system="C-61563r1044879_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that all software repositories defined in "/etc/yum.repos.d/" have been configured with "gpgcheck" enabled:
+$ sudo sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*</fixtext><fix id="F-61487r925452_fix" /><check system="C-61563r1155614_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify all software repositories defined in "/etc/yum.repos.d/" have been configured with "gpgcheck" enabled:
 
 $ grep -w gpgcheck /etc/yum.repos.d/*.repo | more
 
-gpgcheck = 1
+/etc/yum.repos.d/redhat.repo:gpgcheck = 1
 
-If "gpgcheck" is not set to "1" for all returned lines, this is a finding.</check-content></check></Rule></Group><Group id="V-257823"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257823r1051231_rule" weight="10.0" severity="medium"><version>RHEL-09-214030</version><title>RHEL 9 must be configured so that the cryptographic hashes of system files match vendor values.</title><description>&lt;VulnDiscussion&gt;The hashes of important files such as system executables should match the information given by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61488r1051230_fix">Configure RHEL 9 so that the cryptographic hashes of system files match vendor values.
+For all listed repos, if "gpgcheck" is not set to "1", or if the option is missing or commented out, ask the system administrator how the GPG signatures of local software packages are being verified.
+
+If there is no process to verify GPG signatures that is approved by the organization, this is a finding.</check-content></check></Rule></Group><Group id="V-257823"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257823r1155641_rule" weight="10.0" severity="medium"><version>RHEL-09-214030</version><title>RHEL 9 must be configured so that the cryptographic hashes of system files match vendor values.</title><description>&lt;VulnDiscussion&gt;The hashes of important files such as system executables should match the information given by the RPM database. Executables with erroneous hashes could be a sign of nefarious activity on the system.
+If the Check Text command returns results from third-party software vendors, it is an indication that the vendor is not implementing their rpm packages correctly and this must be corrected by the software vendor.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61488r1051230_fix">Configure RHEL 9 so that the cryptographic hashes of system files match vendor values.
 
 Given output from the check command, identify the package that provides the output and reinstall it. The following trimmed example output shows a package that has failed verification, been identified, and been reinstalled:
 
@@ -1076,7 +941,7 @@ $ sudo dnf -y reinstall gzip
 [...]
 
 $ sudo rpm -Va --noconfig | awk '$1 ~ /..5/ &amp;&amp; $2 != "c"'
-[no output]</fixtext><fix id="F-61488r1051230_fix" /><check system="C-61564r1051229_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL 9 is configured so that the cryptographic hashes of system files match vendor values.
+[no output]</fixtext><fix id="F-61488r1051230_fix" /><check system="C-61564r1155640_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured so that the cryptographic hashes of system files match vendor values.
  
 List files on the system that have file hashes different from what is expected by the RPM database with the following command:
 
@@ -1168,7 +1033,7 @@ $ dnf list --installed telnet-server
 
 Error: No matching Packages to list
 
-If the "telnet-server" package is installed, this is a finding.</check-content></check></Rule></Group><Group id="V-257832"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257832r1044900_rule" weight="10.0" severity="medium"><version>RHEL-09-215045</version><title>RHEL 9 must not have the gssproxy package installed.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the "telnet-server" package is installed, this is a finding.</check-content></check></Rule></Group><Group id="V-257832"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257832r1155653_rule" weight="10.0" severity="medium"><version>RHEL-09-215045</version><title>RHEL 9 must not have the gssproxy package installed.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
 Operating systems are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations (e.g., key missions, functions).
 
@@ -1176,7 +1041,9 @@ The gssproxy package is a proxy for GSS API credential handling and could expose
 
 Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-61497r925482_fix">Remove the gssproxy package with the following command:
 
-$ sudo dnf remove gssproxy</fixtext><fix id="F-61497r925482_fix" /><check system="C-61573r1044899_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that the gssproxy package is not installed with the following command:
+$ sudo dnf remove gssproxy</fixtext><fix id="F-61497r925482_fix" /><check system="C-61573r1155652_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: If NFS mounts are authorized and in use on the system, this control is not applicable.
+
+Verify the gssproxy package is not installed with the following command:
 
 $ dnf list --installed gssproxy
 
@@ -1210,17 +1077,45 @@ $ dnf list --installed tuned
 
 Error: No matching Packages to list
 
-If the "tuned" package is installed and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-257835"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257835r1102037_rule" weight="10.0" severity="high"><version>RHEL-09-215060</version><title>RHEL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.</title><description>&lt;VulnDiscussion&gt;Removing the "tftp-server" package decreases the risk of the accidental (or intentional) activation of tftp services.
+If the "tuned" package is installed and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-257835"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257835r1155679_rule" weight="10.0" severity="high"><version>RHEL-09-215060</version><title>The Trivial File Transfer Protocol (TFTP) server must not be installed unless it is required, and if required, the RHEL 9 TFTP daemon must be configured to operate in secure mode.</title><description>&lt;VulnDiscussion&gt;Removing the "tftp-server" package decreases the risk of the accidental (or intentional) activation of tftp services.
+
+If TFTP is required for operational support (such as transmission of router configurations), its use must be documented with the information systems security manager (ISSM), restricted to only authorized personnel, and have access control rules established.
+
+Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61500r1155678_fix">Configure RHEL 9 so that TFTP operates in secure mode if installed.
+
+If TFTP server is not required, remove it with the following command:
+$ sudo dnf -y remove tftp-server
 
-If TFTP is required for operational support (such as transmission of router configurations), its use must be documented with the information systems security manager (ISSM), restricted to only authorized personnel, and have access control rules established.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61500r952170_fix">The "tftp-server" package can be removed with the following command:
+Configure the TFTP daemon to operate in secure mode with the following command:
+$ sudo systemctl edit tftp.service
 
-$ sudo dnf remove tftp-server</fixtext><fix id="F-61500r952170_fix" /><check system="C-61576r1102036_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL 9 does not have a "tftp-server" package installed with the following command:
+In the editor, enter:
+[Service]
+ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
+
+After making changes, reload the systemd daemon and restart the TFTP service as follows:
+
+$ sudo systemctl daemon-reload
+$ sudo systemctl restart tftp.service
+
+If the "-s" option is not present in the "ExecStart" line or if the line is missing, this is a finding.</fixtext><fix id="F-61500r1155678_fix" /><check system="C-61576r1155677_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify if TFTP is installed, it is configured to operate in secure mode.
+
+Note: If TFTP is not required, it must not be installed. If TFTP is not installed, this rule is not applicable.
+
+Check to see if TFTP server is installed with the following command:
 
 $ sudo dnf list --installed tftp-server
 
-Error: No matching Packages to list
+Updating Subscription Management repositories.
+Installed Packages
+tftp-server.x86_64                             5.2-38.el9                              @rhel-9-for-x86_64-appstream-rpms
+
+Verify the TFTP daemon, if tftp.server is installed, is configured to operate in secure mode with the following command:
+
+$ grep -i execstart /usr/lib/systemd/system/tftp.service
+ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
 
-If the "tftp-server" package is installed, this is a finding.</check-content></check></Rule></Group><Group id="V-257836"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257836r1044908_rule" weight="10.0" severity="medium"><version>RHEL-09-215065</version><title>RHEL 9 must not have the quagga package installed.</title><description>&lt;VulnDiscussion&gt;Quagga is a network routing software suite providing implementations of Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Border Gateway Protocol (BGP) for Unix and Linux platforms.
+Note: The "-s" option ensures the TFTP server only serves files from the specified directory, which is a security measure to prevent unauthorized access to other parts of the file system.</check-content></check></Rule></Group><Group id="V-257836"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257836r1044908_rule" weight="10.0" severity="medium"><version>RHEL-09-215065</version><title>RHEL 9 must not have the quagga package installed.</title><description>&lt;VulnDiscussion&gt;Quagga is a network routing software suite providing implementations of Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Border Gateway Protocol (BGP) for Unix and Linux platforms.
 
 If there is no need to make the router software available, removing it provides a safeguard against its activation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61501r925494_fix">Remove the quagga package with the following command:
 
@@ -1443,9 +1338,9 @@ $ mount | grep '\s/boot\s'
 
 /dev/sda1 on /boot type xfs (rw,nosuid,relatime,seclabe,attr2,inode64,noquota)
 
-If the /boot file system does not have the "nosuid" option set, this is a finding.</check-content></check></Rule></Group><Group id="V-257862"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257862r1134908_rule" weight="10.0" severity="medium"><version>RHEL-09-231105</version><title>RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.</title><description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
+If the /boot file system does not have the "nosuid" option set, this is a finding.</check-content></check></Rule></Group><Group id="V-257862"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257862r1155661_rule" weight="10.0" severity="medium"><version>RHEL-09-231105</version><title>RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.</title><description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
 
-Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-61527r1051264_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/boot/efi" directory.</fixtext><fix id="F-61527r1051264_fix" /><check system="C-61603r1134907_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: For systems that use BIOS, this requirement is not applicable. 
+Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-61527r1051264_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/boot/efi" directory.</fixtext><fix id="F-61527r1051264_fix" /><check system="C-61603r1155660_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: For systems that use vfat file systems and for systems that use BIOS, this requirement is not applicable. 
 
 Verify the /boot/efi directory is mounted with the "nosuid" option with the following command:
 
@@ -1455,60 +1350,58 @@ $ mount | grep '\s/boot/efi\s'
 
 If the /boot/efi file system does not have the "nosuid" option set, this is a finding.
 
-Note: This control is not applicable to vfat file systems.</check-content></check></Rule></Group><Group id="V-257863"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257863r958804_rule" weight="10.0" severity="medium"><version>RHEL-09-231110</version><title>RHEL 9 must mount /dev/shm with the nodev option.</title><description>&lt;VulnDiscussion&gt;The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
+Note: This control is not applicable to vfat file systems.</check-content></check></Rule></Group><Group id="V-257863"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257863r1155633_rule" weight="10.0" severity="medium"><version>RHEL-09-231110</version><title>RHEL 9 must mount /dev/shm with the nodev option.</title><description>&lt;VulnDiscussion&gt;The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
 
-The only legitimate location for device files is the "/dev" directory located on the root partition, with the exception of chroot jails if implemented.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-61528r925575_fix">Modify "/etc/fstab" to use the "nodev" option on the "/dev/shm" file system.</fixtext><fix id="F-61528r925575_fix" /><check system="C-61604r925574_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify "/dev/shm" is mounted with the "nodev" option with the following command:
+The only legitimate location for device files is the "/dev" directory located on the root partition, with the exception of chroot jails if implemented.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-61528r1155632_fix">Configure "/dev/shm" to mount with the "nodev" option.
 
-$ mount | grep /dev/shm
+Modify "/etc/fstab" to use the "nodev" option on the "/dev/shm" file system.
 
-tmpfs on /dev/shm type tmpfs (rw,nodev,nosuid,noexec,seclabel)
+To reload all implicit mount units and update the dependency graph so that new options will apply correctly at next remount, run the following command:
 
-If the /dev/shm file system is mounted without the "nodev" option, this is a finding.</check-content></check></Rule></Group><Group id="V-257864"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257864r1106304_rule" weight="10.0" severity="medium"><version>RHEL-09-231115</version><title>RHEL 9 must mount /dev/shm with the noexec option.</title><description>&lt;VulnDiscussion&gt;The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-61529r1106303_fix">Configure "/dev/shm" to mount with the "noexec" option.
+$ sudo systemctl daemon-reload
 
-Determine how /dev/shm is managed.
+Use the following command to apply the changes immediately without a reboot:
 
-$ systemctl status systemd-tmpfiles-setup
-If "active", systemd is managing temporary files (including /dev/shm).
-Otherwise, /etc/fstab is managing temporary files.
+$ sudo mount -o remount /dev/shm</fixtext><fix id="F-61528r1155632_fix" /><check system="C-61604r1155631_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify "/dev/shm" is mounted with the "nodev" option with the following command:
 
-If systemd is managing /dev/shm, use the following commands to add the noexec option to the mount:
-     If /etc/tmpfiles.d does not exist, create it:
-     $ sudo mkdir -p /etc/tmpfiles.d
+$ findmnt /dev/shm
 
-     Add a configuration file with the appropriate options for /dev/shm as follows:
-     $ echo 'd /dev/shm 1777 root root 10d' | sudo tee /etc/tmpfiles.d/dev-shm.conf
-     $ echo 'x /dev/shm' | sudo tee -a /etc/tmpfiles.d/dev-shm.conf
+TARGET   SOURCE FSTYPE OPTIONS
+/dev/shm tmpfs  tmpfs  rw,nodev,nosuid,noexec,seclabel
 
-     Apply new mount options with the following commands:
-     $ sudo systemctl mask tmp.mount
-     Created symlink /etc/systemd/system/tmp.mount ? /dev/null.
+If the mount options for /dev/shm does not include nodev, this is a finding.</check-content></check></Rule></Group><Group id="V-257864"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257864r1155639_rule" weight="10.0" severity="medium"><version>RHEL-09-231115</version><title>RHEL 9 must mount /dev/shm with the noexec option.</title><description>&lt;VulnDiscussion&gt;The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-61529r1155638_fix">Configure "/dev/shm" to mount with the "noexec" option.
 
-     $ echo 'tmpfs /dev/shm tmpfs rw,nodev,nosuid,noexec,seclabel 0 0' | sudo tee -a /etc/fstab
-     $ sudo mount -o remount /dev/shm
-     $ sudo systemctl daemon-reload
+Modify "/etc/fstab" to use the "noexec" option on the "/dev/shm" file system.
 
-If /dev/shm is managed by /etc/fstab, use the following commands to add the noexec option to the mount:
-     $ sudo vi /etc/fstab
+To reload all implicit mount units and update the dependency graph so that new options will apply correctly at next remount, run the following command:
 
-     Add or modify the following line:
-     tmpfs /dev/shm tmpfs rw,nodev,nosuid,noexec,seclabel 0 0
+$ sudo systemctl daemon-reload
 
-     Remount /dev/shm:
-     $ sudo mount -o remount /dev/shm
+Use the following command to apply the changes immediately without a reboot:
 
-Note: Although systemd manages tmpfs mounts by default, administrators can override settings by adding entries to /etc/fstab. Either approach is acceptable.</fixtext><fix id="F-61529r1106303_fix" /><check system="C-61605r1102006_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify "/dev/shm" is mounted with the "noexec" option with the following command:
+$ sudo mount -o remount /dev/shm</fixtext><fix id="F-61529r1155638_fix" /><check system="C-61605r1155637_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify "/dev/shm" is mounted with the "noexec" option with the following command:
 
 $ findmnt /dev/shm
-TARGET   SOURCE FSTYPE OPTIONS
-/dev/shm tmpfs  tmpfs  rw,nodev,nosuid,noexec,seclabel 0 0
 
-If the /dev/shm file system is mounted without the "noexec" option, this is a finding.</check-content></check></Rule></Group><Group id="V-257865"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257865r1044946_rule" weight="10.0" severity="medium"><version>RHEL-09-231120</version><title>RHEL 9 must mount /dev/shm with the nosuid option.</title><description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-61530r925581_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/dev/shm" file system.</fixtext><fix id="F-61530r925581_fix" /><check system="C-61606r1044945_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify "/dev/shm" is mounted with the "nosuid" option with the following command:
+/dev/shm tmpfs  tmpfs  rw,nodev,nosuid,noexec,seclabel
 
-$ mount | grep /dev/shm
+If the mount options for /dev/shm does not include noexec, this is a finding.</check-content></check></Rule></Group><Group id="V-257865"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257865r1155636_rule" weight="10.0" severity="medium"><version>RHEL-09-231120</version><title>RHEL 9 must mount /dev/shm with the nosuid option.</title><description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-61530r1155635_fix">Configure "/dev/shm" to mount with the "nosuid" option.
+
+Modify "/etc/fstab" to use the "nosuid" option on the "/dev/shm" file system.
+
+To reload all implicit mount units and update the dependency graph so that new options will apply correctly at next remount, run the following command:
+
+$ sudo systemctl daemon-reload
 
-tmpfs on /dev/shm type tmpfs (rw,nodev,nosuid,noexec,seclabel)
+Use the following command to apply the changes immediately without a reboot:
 
-If the /dev/shm file system is mounted without the "nosuid" option, this is a finding.</check-content></check></Rule></Group><Group id="V-257866"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257866r958804_rule" weight="10.0" severity="medium"><version>RHEL-09-231125</version><title>RHEL 9 must mount /tmp with the nodev option.</title><description>&lt;VulnDiscussion&gt;The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
+$ sudo mount -o remount /dev/shm</fixtext><fix id="F-61530r1155635_fix" /><check system="C-61606r1155634_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify "/dev/shm" is mounted with the "nosuid" option with the following command:
+
+$ findmnt /dev/shm
+
+/dev/shm tmpfs  tmpfs  rw,nodev,nosuid,noexec,seclabel
+
+If the mount options for /dev/shm does not include nosuid, this is a finding.</check-content></check></Rule></Group><Group id="V-257866"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257866r958804_rule" weight="10.0" severity="medium"><version>RHEL-09-231125</version><title>RHEL 9 must mount /tmp with the nodev option.</title><description>&lt;VulnDiscussion&gt;The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
 
 The only legitimate location for device files is the "/dev" directory located on the root partition, with the exception of chroot jails if implemented.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-61531r925584_fix">Modify "/etc/fstab" to use the "nodev" option on the "/tmp" directory.</fixtext><fix id="F-61531r925584_fix" /><check system="C-61607r925583_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify "/tmp" is mounted with the "nodev" option:
 
@@ -1658,9 +1551,11 @@ $ grep -r cramfs /etc/modprobe.conf /etc/modprobe.d/*
 install cramfs /bin/false
 blacklist cramfs
 
-If the command does not return any output or the lines are commented out, and use of cramfs is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-257881"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257881r991589_rule" weight="10.0" severity="medium"><version>RHEL-09-231200</version><title>RHEL 9 must prevent special devices on non-root local partitions.</title><description>&lt;VulnDiscussion&gt;The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
+If the command does not return any output or the lines are commented out, and use of cramfs is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-257881"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257881r1155663_rule" weight="10.0" severity="medium"><version>RHEL-09-231200</version><title>RHEL 9 must prevent special devices on non-root local partitions.</title><description>&lt;VulnDiscussion&gt;The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
+
+The only legitimate location for device files is the "/dev" directory located on the root partition, with the exception of chroot jails if implemented.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61546r925629_fix">Configure the "/etc/fstab" to use the "nodev" option on all non-root local partitions.</fixtext><fix id="F-61546r925629_fix" /><check system="C-61622r1155662_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: This control is not applicable to vfat file systems.
 
-The only legitimate location for device files is the "/dev" directory located on the root partition, with the exception of chroot jails if implemented.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61546r925629_fix">Configure the "/etc/fstab" to use the "nodev" option on all non-root local partitions.</fixtext><fix id="F-61546r925629_fix" /><check system="C-61622r925628_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify all non-root local partitions are mounted with the "nodev" option with the following command:
+Verify all non-root local partitions are mounted with the "nodev" option with the following command:
 
 $ sudo mount | grep '^/dev\S* on /\S' | grep --invert-match 'nodev'
 
@@ -2125,19 +2020,19 @@ root /etc/cron.monthly
 root /etc/crontab
 root /etc/cron.weekly
 
-If any crontab is not group owned by root, this is a finding.</check-content></check></Rule></Group><Group id="V-257928"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257928r1044992_rule" weight="10.0" severity="medium"><version>RHEL-09-232240</version><title>All RHEL 9 world-writable directories must be owned by root, sys, bin, or an application user.</title><description>&lt;VulnDiscussion&gt;If a world-writable directory is not owned by root, sys, bin, or an application user identifier (UID), unauthorized users may be able to modify files created by others.
+If any crontab is not group owned by root, this is a finding.</check-content></check></Rule></Group><Group id="V-257928"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257928r1155576_rule" weight="10.0" severity="medium"><version>RHEL-09-232240</version><title>All RHEL 9 world-writable directories must be owned by root, sys, bin, or an application user.</title><description>&lt;VulnDiscussion&gt;If a world-writable directory is not owned by root, sys, bin, or an application user identifier (UID), unauthorized users may be able to modify files created by others.
 
 The only authorized public directories are those temporary directories supplied with the system or those designed to be temporary file repositories. The setting is normally reserved for directories used by the system and by users for temporary file storage, (e.g., /tmp), and for directories requiring global read/write access.
 
-Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000138-GPOS-00069&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-61593r925770_fix">Configure all public directories to be owned by root or a system account to prevent unauthorized and unintended information transferred via shared system resources.
+Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000138-GPOS-00069&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-61593r1155575_fix">Configure all RHEL 9 public directories to be owned by root or a system account to prevent unauthorized and unintended information transferred via shared system resources.
 
-Set the owner of all public directories as root or a system account using the command, replace "[Public Directory]" with any directory path not owned by root or a system account:
+Use the following command template to set ownership of public directories to root or a system account:
 
-$ sudo chown root [Public Directory]</fixtext><fix id="F-61593r925770_fix" /><check system="C-61669r925769_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that world writable directories are owned by root, a system account, or an application account with the following command. It will discover and print world-writable directories that are not owned by root.  Run it once for each local partition [PART]:
+$ sudo chown [root or system account] [Public Directory]</fixtext><fix id="F-61593r1155575_fix" /><check system="C-61669r1155574_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 world writable directories are owned by root, a system account, or an application account with the following command:
 
-$ sudo find  PART  -xdev -type d -perm -0002 -uid +0 -print 
+$ sudo find / -xdev -type d -perm -0002 -uid +999 -exec stat -c "%U, %u, %A, %n" {} \; 2&gt;/dev/null
 
-If there is output, this is a finding.</check-content></check></Rule></Group><Group id="V-257929"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257929r1117267_rule" weight="10.0" severity="medium"><version>RHEL-09-232245</version><title>A sticky bit must be set on all RHEL 9 public directories.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
+If there is output that indicates world-writable directories are owned by any account other than root or an approved system account, this is a finding.</check-content></check></Rule></Group><Group id="V-257929"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257929r1137695_rule" weight="10.0" severity="medium"><version>RHEL-09-232245</version><title>A sticky bit must be set on all RHEL 9 public directories.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
 
 This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DOD or other government agencies.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-61594r925773_fix">Configure all world-writable directories to have the sticky bit set to prevent unauthorized and unintended information transferred via shared system resources.
 
@@ -2305,48 +2200,36 @@ $ sudo ip link set dev &lt;devicename&gt; multicast off promisc off</fixtext><fi
 
 $ ip link | grep -i promisc
 
-If network interfaces are found on the system in promiscuous mode and their use has not been approved by the ISSO and documented, this is a finding.</check-content></check></Rule></Group><Group id="V-257942"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257942r1106314_rule" weight="10.0" severity="medium"><version>RHEL-09-251045</version><title>RHEL 9 must enable hardening for the Berkeley Packet Filter just-in-time compiler.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If network interfaces are found on the system in promiscuous mode and their use has not been approved by the ISSO and documented, this is a finding.</check-content></check></Rule></Group><Group id="V-257942"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257942r1155718_rule" weight="10.0" severity="medium"><version>RHEL-09-251045</version><title>RHEL 9 must enable hardening for the Berkeley Packet Filter just-in-time compiler.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
 Enabling hardening for the Berkeley Packet Filter (BPF) Just-in-time (JIT) compiler aids in mitigating JIT spraying attacks. Setting the value to "2" enables JIT hardening for all users.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61607r1106313_fix">Configure RHEL 9 to enable hardening for the BPF JIT compiler by adding the following line to a file, in the "/etc/sysctl.d" directory:
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61607r1155717_fix">Configure RHEL 9 to enable hardening for the BPF JIT compiler.
 
-net.core.bpf_jit_harden = 2
+Create the drop-in file if it does not already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
-
-$ sudo sysctl --system</fixtext><fix id="F-61607r1106313_fix" /><check system="C-61683r1101971_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 enables hardening for the BPF JIT with the following commands:
-
-$ sudo sysctl net.core.bpf_jit_harden
+$ sudo vi /etc/sysctl.d/99-net_core-bpf_jit_harden.conf
 
+Add the following line to the file:
 net.core.bpf_jit_harden = 2
 
-If the returned line does not have a value of "2", or a line is not returned, this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this network parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61607r1155717_fix" /><check system="C-61683r1155716_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 enables hardening for the BPF JIT compiler.
 
-$ sudo grep -r net.core.bpf_jit_harden /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Check the status of the "net.core.bpf_jit_harden" parameter with the following command:
 
-/etc/sysctl.d/99-sysctl.conf: net.core.bpf_jit_harden = 2
-
-If "net.core.bpf_jit_harden" is not set to "2", is missing or commented out, this is a finding.
+$ sudo sysctl net.core.bpf_jit_harden
+net.core.bpf_jit_harden = 2
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257943"><title>SRG-OS-000355-GPOS-00143</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257943r1045001_rule" weight="10.0" severity="medium"><version>RHEL-09-252010</version><title>RHEL 9 must have the chrony package installed.</title><description>&lt;VulnDiscussion&gt;Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-004923</ident><ident system="http://cyber.mil/cci">CCI-001891</ident><fixtext fixref="F-61608r925815_fix">The chrony package can be installed with the following command:
+If "net.core.bpf_jit_harden" is not equal to "2" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257943"><title>SRG-OS-000355-GPOS-00143</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257943r1045001_rule" weight="10.0" severity="medium"><version>RHEL-09-252010</version><title>RHEL 9 must have the chrony package installed.</title><description>&lt;VulnDiscussion&gt;Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-004923</ident><ident system="http://cyber.mil/cci">CCI-001891</ident><fixtext fixref="F-61608r925815_fix">The chrony package can be installed with the following command:
  
 $ sudo dnf install chrony</fixtext><fix id="F-61608r925815_fix" /><check system="C-61684r1045000_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL 9 has the chrony package installed with the following command:
 
@@ -2522,7 +2405,7 @@ $ sudo rm /[path]/[to]/[file]/.shosts</fixtext><fix id="F-61621r925854_fix" /><c
 
 $ sudo find / -name .shosts
 
-If a ".shosts" file is found, this is a finding.</check-content></check></Rule></Group><Group id="V-257957"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257957r1106317_rule" weight="10.0" severity="medium"><version>RHEL-09-253010</version><title>RHEL 9 must be configured to use TCP syncookies.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
+If a ".shosts" file is found, this is a finding.</check-content></check></Rule></Group><Group id="V-257957"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257957r1155618_rule" weight="10.0" severity="medium"><version>RHEL-09-253010</version><title>RHEL 9 must be configured to use TCP syncookies.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
 
 This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DOD or other government agencies.
 
@@ -2530,7 +2413,7 @@ There may be shared resources with configurable protections (e.g., files in stor
 
 Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a nonprivileged user.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -2539,127 +2422,79 @@ The sysctl --system command will load settings from all system configuration fil
 /lib/sysctl.d/*.conf
 /etc/sysctl.conf
 
-Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPOS-00071&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001095</ident><ident system="http://cyber.mil/cci">CCI-002385</ident><fixtext fixref="F-61622r1101958_fix">Configure RHEL 9 to use TCP syncookies.
+Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPOS-00071&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001095</ident><ident system="http://cyber.mil/cci">CCI-002385</ident><fixtext fixref="F-61622r1155617_fix">Configure RHEL 9 to use TCP syncookies.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.tcp_syncookies = 1
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+$ sudo vi /etc/sysctl.d/99-ipv4_tcp_syncookies.conf
 
-Load settings from all system configuration files with the following command:
+Add the following line to the file:
+net.ipv4.tcp_syncookies = 1
 
-$ sudo sysctl --system</fixtext><fix id="F-61622r1101958_fix" /><check system="C-61698r1106316_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to use IPv4 TCP syncookies.
+Reload settings from all system configuration files with the following command:
 
-Determine if syncookies are used with the following command:
+$ sudo sysctl --system</fixtext><fix id="F-61622r1155617_fix" /><check system="C-61698r1155616_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to use IPv4 TCP syncookies.
 
-Check the status of TCP syncookies.
+Check the value of all "tcp_syncookies" variables with the following command:
 
 $ sudo sysctl net.ipv4.tcp_syncookies
-
 net.ipv4.tcp_syncookies = 1
 
-Check that the configuration files are present to enable this kernel parameter.
-
-$ sudo grep -r kernel.dmesg_restrict /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf:net.ipv4.tcp_syncookies = 1
+If the network parameter "ipv4.tcp_syncookies" is not equal to "1" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257958"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257958r1155721_rule" weight="10.0" severity="medium"><version>RHEL-09-253015</version><title>RHEL 9 must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
 
-If "net.ipv4.tcp_syncookies" is not set to "1", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257958"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257958r1106319_rule" weight="10.0" severity="medium"><version>RHEL-09-253015</version><title>RHEL 9 must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
-
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61623r1101988_fix">Configure RHEL 9 to ignore IPv4 ICMP redirect messages.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61623r1155720_fix">Configure RHEL 9 to ignore IPv4 ICMP redirect messages.
 
-Add or edit the following line in a system configuration file, in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.all.accept_redirects = 0
+$ sudo vi /etc/sysctl.d/99-ipv4_accept_redirects.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.all.accept_redirects = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61623r1101988_fix" /><check system="C-61699r1106318_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 ignores IPv4 ICMP redirect messages.
+$ sudo sysctl --system</fixtext><fix id="F-61623r1155720_fix" /><check system="C-61699r1155719_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 will not accept IPv4 ICMP redirect messages.
 
-Check the value of the "accept_redirects" variables with the following command:
+Check the value of all "net.ipv4.conf.all.accept_redirects" variables with the following command:
 
 $ sudo sysctl net.ipv4.conf.all.accept_redirects
-
 net.ipv4.conf.all.accept_redirects = 0
 
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
+If "net.ipv4.conf.all.accept_redirects" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257959"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257959r1155724_rule" weight="10.0" severity="medium"><version>RHEL-09-253020</version><title>RHEL 9 must not forward Internet Protocol version 4 (IPv4) source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
 
-$ sudo grep -r net.ipv4.conf.all.accept_redirects /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.accept_redirects = 0
-
-If "net.ipv4.conf.all.accept_redirects" is not set to "0", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257959"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257959r1102024_rule" weight="10.0" severity="medium"><version>RHEL-09-253020</version><title>RHEL 9 must not forward Internet Protocol version 4 (IPv4) source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
-
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of which of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61624r1102023_fix">Configure RHEL 9 to not forward IPv4 source-routed packets.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61624r1155723_fix">Configure RHEL 9 to ignore IPv4 source-routed packets.
 
-Add or edit the following line in a system configuration file, in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.all.accept_source_route=0
+$ sudo vi /etc/sysctl.d/99-ipv4_accept_source.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.all.accept_source_route = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61624r1102023_fix" /><check system="C-61700r1102022_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept IPv4 source-routed packets.
+$ sudo sysctl --system</fixtext><fix id="F-61624r1155723_fix" /><check system="C-61700r1155722_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 will not accept IPv4 source-routed packets.
 
-Check the value of the accept source route variable with the following command:
+Check the value of the "accept_source_route" variable with the following command:
 
 $ sudo sysctl net.ipv4.conf.all.accept_source_route
-
 net.ipv4.conf.all.accept_source_route = 0
 
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo grep -r net.ipv4.conf.all.accept_source_route /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.accept_source_route = 0
-
-If "net.ipv4.conf.all.accept_source_route" is not set to "0", is missing or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257960"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257960r1106321_rule" weight="10.0" severity="medium"><version>RHEL-09-253025</version><title>RHEL 9 must log IPv4 packets with impossible addresses.</title><description>&lt;VulnDiscussion&gt;The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
+If "net.ipv4.conf.all.accept_source_route" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257960"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257960r1155727_rule" weight="10.0" severity="medium"><version>RHEL-09-253025</version><title>RHEL 9 must log IPv4 packets with impossible addresses.</title><description>&lt;VulnDiscussion&gt;The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
 
 Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
 
@@ -2669,40 +2504,32 @@ There may be shared resources with configurable protections (e.g., files in stor
 
 Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a nonprivileged user.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61625r1106320_fix">Configure RHEL 9 to log martian packets on IPv4 interfaces.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61625r1155726_fix">Configure RHEL 9 to log martian packets on IPv4 interfaces.
+
+Create a configuration file if it does not already exist:
 
-Add or edit the following line in a single system configuration file in the "/etc/sysctl.d/" directory:
+$ sudo vi /etc/sysctl.d/99-ipv4_log_martians.conf
 
+Add the following line to the file:
 net.ipv4.conf.all.log_martians=1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61625r1106320_fix" /><check system="C-61701r1102004_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 logs IPv4 martian packets.
+$ sudo sysctl --system</fixtext><fix id="F-61625r1155726_fix" /><check system="C-61701r1155725_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 logs IPv4 martian packets.
 
-Check the value of the accept source route variable with the following command:
+Check the value of the "log_martians" variable with the following command:
 
 $ sudo sysctl net.ipv4.conf.all.log_martians
-
 net.ipv4.conf.all.log_martians = 1
 
-If the returned line does not have a value of "1", a line is not returned, or the line is commented out, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo grep -r net.ipv4.conf.all.log_martians /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf:net.ipv4.conf.all.log_martians = 1
-
-If "net.ipv4.conf.all.log_martians" is not set to "1" or is missing, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257961"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257961r1106323_rule" weight="10.0" severity="medium"><version>RHEL-09-253030</version><title>RHEL 9 must log IPv4 packets with impossible addresses by default.</title><description>&lt;VulnDiscussion&gt;The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
+If "net.ipv4.conf.all.log_martians" is not set to "1" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257961"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257961r1155730_rule" weight="10.0" severity="medium"><version>RHEL-09-253030</version><title>RHEL 9 must log IPv4 packets with impossible addresses by default.</title><description>&lt;VulnDiscussion&gt;The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
 
 Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
 
@@ -2712,167 +2539,115 @@ There may be shared resources with configurable protections (e.g., files in stor
 
 Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a nonprivileged user.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61626r1106322_fix">Configure RHEL 9 to log martian packets on IPv4 interfaces by default.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61626r1155729_fix">Configure RHEL 9 to log martian packets on IPv4 interfaces by default.
 
-Add or edit the following line in a single system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.default.log_martians = 1
+$ sudo vi /etc/sysctl.d/99-ipv4_log_martians.conf
 
-Load settings from all system configuration files with the following command:
+Add the following line to the file:
+net.ipv4.conf.default.log_martians=1
 
-$ sudo sysctl --system</fixtext><fix id="F-61626r1106322_fix" /><check system="C-61702r1102001_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 logs IPv4 martian packets by default.
+Reload settings from all system configuration files with the following command:
 
-Check the value of the accept source route variable with the following command:
+$ sudo sysctl --system</fixtext><fix id="F-61626r1155729_fix" /><check system="C-61702r1155728_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 logs IPv4 martian packets by default.
 
-$ sudo sysctl net.ipv4.conf.default.log_martians
+Check the value of the "default.log_martians" variable with the following command:
 
+$ sudo sysctl net.ipv4.conf.default.log_martians
 net.ipv4.conf.default.log_martians = 1
 
-If the returned line does not have a value of "1", a line is not returned, or the line is commented out, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo grep -r net.ipv4.conf.default.log_martians /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+If "net.ipv4.conf.default.log_martians" is not set to "1" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257962"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257962r1155733_rule" weight="10.0" severity="medium"><version>RHEL-09-253035</version><title>RHEL 9 must use reverse path filtering on all IPv4 interfaces.</title><description>&lt;VulnDiscussion&gt;Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.
 
-/etc/sysctl.d/99-sysctl.conf:net.ipv4.conf.default.log_martians = 1
-
-If "net.ipv4.conf.default.log_martians" is not set to "1" or is missing, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257962"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257962r1106437_rule" weight="10.0" severity="medium"><version>RHEL-09-253035</version><title>RHEL 9 must use reverse path filtering on all IPv4 interfaces.</title><description>&lt;VulnDiscussion&gt;Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.
-
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61627r1106324_fix">Configure RHEL 9 to use reverse path filtering on all IPv4 interfaces by adding the following line to a file in the "/etc/sysctl.d" directory:
-
-net.ipv4.conf.all.rp_filter = 1
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61627r1155732_fix">Configure RHEL 9 to use reverse path filtering on all IPv4 interfaces.
 
-$ sudo sysctl --system</fixtext><fix id="F-61627r1106324_fix" /><check system="C-61703r1106436_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 uses reverse path filtering on all IPv4 interfaces with the following commands:
+Create a configuration file if it does not already exist:
 
-$ sudo sysctl net.ipv4.conf.all.rp_filter
+$ sudo vi /etc/sysctl.d/99-ipv4_rp_filter.conf
 
+Add the following line to the file:
 net.ipv4.conf.all.rp_filter = 1
 
-If the returned line does not have a value of "1" or "2", or a line is not returned, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
+Reload settings from all system configuration files with the following command:
 
-$ sudo grep -r net.ipv4.conf.all.rp_filter /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+$ sudo sysctl --system</fixtext><fix id="F-61627r1155732_fix" /><check system="C-61703r1155731_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 uses reverse path filtering on all IPv4 interfaces.
 
-/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.rp_filter = 1
+Check the value of the "rp_filter" variable with the following command:
 
-If "net.ipv4.conf.all.rp_filter" is not set to "1" or "2", is missing, or commented out, this is a finding.
+$ sudo sysctl net.ipv4.conf.all.rp_filter
+net.ipv4.conf.all.rp_filter = 1
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257963"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257963r1106328_rule" weight="10.0" severity="medium"><version>RHEL-09-253040</version><title>RHEL 9 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
+If "net.ipv4.conf.all.rp_filter" is not set to "1" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257963"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257963r1155736_rule" weight="10.0" severity="medium"><version>RHEL-09-253040</version><title>RHEL 9 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
 
 This feature of the IPv4 protocol has few legitimate uses. It must be disabled unless absolutely required.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61628r1106327_fix">Configure RHEL 9 to prevent IPv4 ICMP redirect messages from being accepted.
-
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
-
-net.ipv4.conf.default.accept_redirects = 0
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-Load settings from all system configuration files with the following command:
-
-$ sudo sysctl --system</fixtext><fix id="F-61628r1106327_fix" /><check system="C-61704r1106326_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 will not accept IPv4 ICMP redirect messages.
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61628r1155735_fix">Configure RHEL 9 to prevent IPv4 ICMP redirect messages from being accepted.
 
-Check the value of the default "accept_redirects" variables with the following command:
+Create a configuration file if it does not already exist:
 
-$ sudo sysctl net.ipv4.conf.default.accept_redirects
+$ sudo vi /etc/sysctl.d/99-ipv4_accept_redirects.conf
 
+Add the following line to the file:
 net.ipv4.conf.default.accept_redirects = 0
 
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this network parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61628r1155735_fix" /><check system="C-61704r1155734_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 will not accept IPv4 ICMP redirect messages.
 
-$ sudo grep -r net.ipv4.conf.default.accept_redirects /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Check the value of the default "accept_redirects" variable with the following command:
 
-/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.default.accept_redirects = 0
-
-If "net.ipv4.conf.default.accept_redirects" is not set to "0", is missing, or commented out, this is a finding.
+$ sudo sysctl net.ipv4.conf.default.accept_redirects
+net.ipv4.conf.default.accept_redirects = 0
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257964"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257964r1106438_rule" weight="10.0" severity="medium"><version>RHEL-09-253045</version><title>RHEL 9 must not forward IPv4 source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
+If "net.ipv4.conf.default.accept_redirects" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257964"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257964r1155739_rule" weight="10.0" severity="medium"><version>RHEL-09-253045</version><title>RHEL 9 must not forward IPv4 source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61629r1106330_fix">Configure RHEL 9 to not forward IPv4 source-routed packets by default.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61629r1155738_fix">Configure RHEL 9 to not forward IPv4 source-routed packets by default.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.default.accept_source_route=0
+$ sudo vi /etc/sysctl.d/99-ipv4_accept_source_route.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.default.accept_source_route = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61629r1106330_fix" /><check system="C-61705r1106329_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept IPv4 source-routed packets by default.
+$ sudo sysctl --system</fixtext><fix id="F-61629r1155738_fix" /><check system="C-61705r1155737_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept IPv4 source-routed packets by default.
 
-Check the value of the accept source route variable with the following command:
+Check the value of the "accept source route" variable with the following command:
 
 $ sudo sysctl net.ipv4.conf.default.accept_source_route
-
 net.ipv4.conf.default.accept_source_route = 0
 
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo grep -r net.ipv4.conf.default.accept_source_route /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.default.accept_source_route = 0
-
-If "net.ipv4.conf.default.accept_source_route" is not set to "0", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257965"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257965r1106333_rule" weight="10.0" severity="medium"><version>RHEL-09-253050</version><title>RHEL 9 must use a reverse-path filter for IPv4 network traffic when possible by default.</title><description>&lt;VulnDiscussion&gt;Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.
+If "net.ipv4.conf.default.accept_source_route" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257965"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257965r1155646_rule" weight="10.0" severity="medium"><version>RHEL-09-253050</version><title>RHEL 9 must use a reverse-path filter for IPv4 network traffic when possible by default.</title><description>&lt;VulnDiscussion&gt;Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.
 
 The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
@@ -2881,544 +2656,371 @@ The sysctl --system command will load settings from all system configuration fil
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61630r1106332_fix">Configure RHEL 9 to use reverse path filtering on IPv4 interfaces by default.
-
-Add or edit the following line in a single system configuration file in the "/etc/sysctl.d/" directory:
-
-net.ipv4.conf.default.rp_filter = 1
-
-Load settings from all system configuration files with the following command:
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61630r1155645_fix">Configure RHEL 9 to use reverse path filtering on IPv4 interfaces by default.
 
-$ sudo sysctl --system</fixtext><fix id="F-61630r1106332_fix" /><check system="C-61706r1102078_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 uses reverse path filtering on IPv4 interfaces with the following commands:
+Create a configuration file if it does not already exist:
 
-$ sudo sysctl net.ipv4.conf.default.rp_filter
+$ sudo vi /etc/sysctl.d/ipv4_rp_filter.conf
 
+Add the following line to the file:
 net.ipv4.conf.default.rp_filter = 1
 
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this network parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61630r1155645_fix" /><check system="C-61706r1155644_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 uses reverse path filtering on IPv4 interfaces.
 
-$ sudo grep -r net.ipv4.conf.default.rp_filter /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Check the value of the "net.ipv4.conf.default.rp_filter" with the following command:
 
-/etc/sysctl.d/99-sysctl.conf:net.ipv4.conf.default.rp_filter = 1
-
-If "net.ipv4.conf.default.rp_filter" is not set to "1" or is missing, this is a finding.
+$ sudo sysctl net.ipv4.conf.default.rp_filter
+net.ipv4.conf.default.rp_filter = 1
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257966"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257966r1106440_rule" weight="10.0" severity="medium"><version>RHEL-09-253055</version><title>RHEL 9 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title><description>&lt;VulnDiscussion&gt;Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.
+If the returned line does not have a value of "1", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257966"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257966r1155742_rule" weight="10.0" severity="medium"><version>RHEL-09-253055</version><title>RHEL 9 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title><description>&lt;VulnDiscussion&gt;Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.
 
 Ignoring ICMP echo requests (pings) sent to broadcast or multicast addresses makes the system slightly more difficult to enumerate on the network.
 
 There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). IPv6 does not implement the same method of broadcast as IPv4. Instead, IPv6 uses multicast addressing to the all-hosts multicast group. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61631r1106334_fix">Configure RHEL 9 to not respond to IPv4 ICMP echoes sent to a broadcast address.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61631r1155741_fix">Configure RHEL 9 to ignore IPv4 ICMP echoes sent to a broadcast address.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.icmp_echo_ignore_broadcasts=1
+$ sudo vi /etc/sysctl.d/ipv4_icmp_echo_ignore_broadcasts.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.icmp_echo_ignore_broadcasts = 1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61631r1106334_fix" /><check system="C-61707r1106439_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not respond to ICMP echoes sent to a broadcast address.
+$ sudo sysctl --system</fixtext><fix id="F-61631r1155741_fix" /><check system="C-61707r1155740_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 ignores ICMP echoes sent to a broadcast address.
 
 Check the value of the "icmp_echo_ignore_broadcasts" variable with the following command:
 
 $ sudo sysctl net.ipv4.icmp_echo_ignore_broadcasts
-
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 
-If the returned line does not have a value of "1", a line is not returned, or the retuned line is commented out, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
+If "net.ipv4.icmp_echo_ignore_broadcasts" is not set to "1" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257967"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257967r1155745_rule" weight="10.0" severity="medium"><version>RHEL-09-253060</version><title>RHEL 9 must limit the number of bogus Internet Control Message Protocol (ICMP) response errors logs.</title><description>&lt;VulnDiscussion&gt;Some routers will send responses to broadcast frames that violate RFC-1122, which fills up a log file system with many useless error messages. An attacker may take advantage of this and attempt to flood the logs with bogus error logs. Ignoring bogus ICMP error responses reduces log size, although some activity would not be logged.
 
-$ sudo grep -r net.ipv4.icmp_echo_ignore_broadcasts /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf: net.ipv4.icmp_echo_ignore_broadcasts = 1
-
-If "net.ipv4.icmp_echo_ignore_broadcasts" is not set to "1", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257967"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257967r1106337_rule" weight="10.0" severity="medium"><version>RHEL-09-253060</version><title>RHEL 9 must limit the number of bogus Internet Control Message Protocol (ICMP) response errors logs.</title><description>&lt;VulnDiscussion&gt;Some routers will send responses to broadcast frames that violate RFC-1122, which fills up a log file system with many useless error messages. An attacker may take advantage of this and attempt to flood the logs with bogus error logs. Ignoring bogus ICMP error responses reduces log size, although some activity would not be logged.
-
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61632r1106336_fix">Configure RHEL 9 to not log bogus ICMP errors: 
-
-Add or edit the following line in a single system configuration file in the "/etc/sysctl.d/" directory:
-
-net.ipv4.icmp_ignore_bogus_error_responses = 1
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61632r1155744_fix">Configure RHEL 9 to not log bogus ICMP errors:
 
-Load settings from all system configuration files with the following command:
-
-$ sudo sysctl --system</fixtext><fix id="F-61632r1106336_fix" /><check system="C-61708r1101999_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>The runtime status of the net.ipv4.icmp_ignore_bogus_error_responses kernel parameter can be queried by running the following command:
+Create a configuration file if it does not already exist:
 
-$ sudo sysctl net.ipv4.icmp_ignore_bogus_error_responses 
+$ sudo vi /etc/sysctl.d/ipv4_icmp_ignore_bogus_error_responses.conf
 
+Add the following line to the file:
 net.ipv4.icmp_ignore_bogus_error_responses = 1
 
-If "net.ipv4.icmp_ignore_bogus_error_responses" is not set to "1", this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this network parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61632r1155744_fix" /><check system="C-61708r1155743_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 limits the number of bogus Internet Control Message Protocol (ICMP) response errors logs.
 
-$ sudo grep -r net.ipv4.icmp_ignore_bogus_error_response /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Check the value of the "net.ipv4.icmp_ignore_bogus_error_response" variables with the following command:
 
-/etc/sysctl.d/99-sysctl.conf:net.ipv4.icmp_ignore_bogus_error_responses = 1
-
-If "net.ipv4.icmp_ignore_bogus_error_response" is not set to "1" or is missing, this is a finding.
+$ sudo sysctl net.ipv4.icmp_ignore_bogus_error_responses
+net.ipv4.icmp_ignore_bogus_error_responses = 1
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257968"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257968r1106339_rule" weight="10.0" severity="medium"><version>RHEL-09-253065</version><title>RHEL 9 must not send Internet Control Message Protocol (ICMP) redirects.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology.
+If "net.ipv4.icmp_ignore_bogus_error_response" is not set to "1" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257968"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257968r1155748_rule" weight="10.0" severity="medium"><version>RHEL-09-253065</version><title>RHEL 9 must not send Internet Control Message Protocol (ICMP) redirects.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology.
 
 The ability to send ICMP redirects is only appropriate for systems acting as routers.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61633r1106338_fix">Configure RHEL 9 to not allow interfaces to perform IPv4 ICMP redirects.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61633r1155747_fix">Configure RHEL 9 to not allow interfaces to perform IPv4 ICMP redirects.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.all.send_redirects=0
+$ sudo vi /etc/sysctl.d/ipv4_send_redirects.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.all.send_redirects = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61633r1106338_fix" /><check system="C-61709r1102041_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not IPv4 ICMP redirect messages.
+$ sudo sysctl --system</fixtext><fix id="F-61633r1155747_fix" /><check system="C-61709r1155746_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not IPv4 ICMP redirect messages.
 
 Check the value of the "all send_redirects" variables with the following command:
 
 $ sudo sysctl net.ipv4.conf.all.send_redirects
-
 net.ipv4.conf.all.send_redirects = 0
 
-If the returned line does not have a value of "0", or a line is not returned, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo grep -r net.ipv4.conf.all.send_redirects /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+If "net.ipv4.conf.all.send_redirects" is not set to "0" and is not documented with the information system security officer (ISSO) as an operational requirement or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257969"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257969r1155623_rule" weight="10.0" severity="medium"><version>RHEL-09-253070</version><title>RHEL 9 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology. The ability to send ICMP redirects is only appropriate for systems acting as routers.
 
-/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.send_redirects = 0
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
-If "net.ipv4.conf.all.send_redirects" is not set to "0", is missing or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257969"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257969r991589_rule" weight="10.0" severity="medium"><version>RHEL-09-253070</version><title>RHEL 9 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61634r1155622_fix">Configure RHEL 9 to not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
 
-The ability to send ICMP redirects is only appropriate for systems acting as routers.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61634r925893_fix">Configure RHEL 9 to not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
+Create a configuration file if it does not already exist:
 
-Add or edit the following line in a single system configuration file, in the "/etc/sysctl.d/" directory:
+$ sudo vi /etc/sysctl.d/ipv4_send_redirect.conf
 
+Add the following line to the file:
 net.ipv4.conf.default.send_redirects = 0
 
 Load settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61634r925893_fix" /><check system="C-61710r942998_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
-
-Check the value of the "default send_redirects" variables with the following command:
+$ sudo sysctl --system</fixtext><fix id="F-61634r1155622_fix" /><check system="C-61710r1155621_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Check the value of the "default send_redirects" variables with the following command:
 
 $ sudo sysctl net.ipv4.conf.default.send_redirects
-
 net.ipv4.conf.default.send_redirects=0
 
-If the returned line does not have a value of "0", or a line is not returned, this is a finding.
+If "net.ipv4.conf.default.send_redirects" is not set to "0" and is not documented with the information system security officer (ISSO) as an operational requirement or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257970"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257970r1155751_rule" weight="10.0" severity="medium"><version>RHEL-09-253075</version><title>RHEL 9 must not enable IPv4 packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this capability is used when not required, system network information may be unnecessarily transmitted across the network.
 
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo /usr/lib/systemd/systemd-sysctl --cat-config | egrep -v '^(#|;)' | grep -F net.ipv4.conf.default.send_redirects | tail -1
-
-net.ipv4.conf.default.send_redirects = 0
-
-If "net.ipv4.conf.default.send_redirects" is not set to "0" and is not documented with the information system security officer (ISSO) as an operational requirement or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257970"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257970r1106442_rule" weight="10.0" severity="medium"><version>RHEL-09-253075</version><title>RHEL 9 must not enable IPv4 packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this capability is used when not required, system network information may be unnecessarily transmitted across the network.
-
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61635r1106341_fix">Configure RHEL 9 to not allow IPv4 packet forwarding, unless the system is a router.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61635r1155750_fix">Configure RHEL 9 to not allow IPv4 packet forwarding, unless the system is a router.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.all.forwarding=0
+$ sudo vi /etc/sysctl.d/ipv4_forwarding.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.all.forwarding = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61635r1106341_fix" /><check system="C-61711r1106441_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is not performing IPv4 packet forwarding, unless the system is a router.
+$ sudo sysctl --system</fixtext><fix id="F-61635r1155750_fix" /><check system="C-61711r1155749_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is not performing IPv4 packet forwarding unless the system is a router.
 
-Check that IPv4 forwarding is disabled using the following command:
+Check that "net.ipv4.conf.all.forwarding" is disabled using the following command:
 
 $ sudo sysctl net.ipv4.conf.all.forwarding
-
 net.ipv4.conf.all.forwarding = 0
 
-If the IPv4 forwarding value is not "0" and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo grep -r net.ipv4.conf.all.forwarding /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.forwarding = 0
-
-If "net.ipv4.conf.all.forwarding" is not set to "0", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257971"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257971r1106444_rule" weight="10.0" severity="medium"><version>RHEL-09-254010</version><title>RHEL 9 must not accept router advertisements on all IPv6 interfaces.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
+If "net.ipv4.conf.all.forwarding" is not set to "0" and is not documented with the information system security officer (ISSO) as an operational requirement or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257971"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257971r1155754_rule" weight="10.0" severity="medium"><version>RHEL-09-254010</version><title>RHEL 9 must not accept router advertisements on all IPv6 interfaces.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
 
 An illicit router advertisement message could result in a man-in-the-middle attack.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61636r1106343_fix">Configure RHEL 9 to not accept router advertisements on all IPv6 interfaces unless the system is a router.
-
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
-
-net.ipv6.conf.all.accept_ra=0
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-Load settings from all system configuration files with the following command:
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61636r1155753_fix">Configure RHEL 9 to not accept router advertisements on all IPv6 interfaces unless the system is a router.
 
-$ sudo sysctl --system</fixtext><fix id="F-61636r1106343_fix" /><check system="C-61712r1106443_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept router advertisements on all IPv6 interfaces, unless the system is a router.
+Create a configuration file if it does not already exist:
 
-Note: If IPv6 is disabled on the system, this requirement is not applicable.
-
-Check to see if router advertisements are not accepted by using the following command:
-
-$ sudo sysctl  net.ipv6.conf.all.accept_ra
+$ sudo vi /etc/sysctl.d/ipv4_accept_ra.conf
 
+Add the following line to the file:
 net.ipv6.conf.all.accept_ra = 0
 
-If the "accept_ra" value is not "0" and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this network parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61636r1155753_fix" /><check system="C-61712r1155752_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept router advertisements on all IPv6 interfaces, unless the system is a router.
 
-$ sudo grep -r net.ipv6.conf.all.accept_ra /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
 
-/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.accept_ra = 0
+Check that "net.ipv6.conf.all.accept_ra" is set to not accept router advertisements by using the following command:
 
-If "net.ipv6.conf.all.accept_ra" is not set to "0", is missing, or commented out, this is a finding.
+$ sudo sysctl net.ipv6.conf.all.accept_ra
+net.ipv6.conf.all.accept_ra = 0
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257972"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257972r1106446_rule" weight="10.0" severity="medium"><version>RHEL-09-254015</version><title>RHEL 9 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
+If "net.ipv6.conf.all.accept_ra" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257972"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257972r1155757_rule" weight="10.0" severity="medium"><version>RHEL-09-254015</version><title>RHEL 9 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61637r1106345_fix">Configure RHEL 9 to ignore IPv6 ICMP redirect messages.
-
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
-
-net.ipv6.conf.all.accept_redirects = 0
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-Load settings from all system configuration files with the following command:
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61637r1155756_fix">Configure RHEL 9 to ignore IPv6 ICMP redirect messages.
 
-$ sudo sysctl --system</fixtext><fix id="F-61637r1106345_fix" /><check system="C-61713r1106445_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 ignores IPv6 ICMP redirect messages.
+Create a configuration file if it does not already exist:
 
-Note: If IPv6 is disabled on the system, this requirement is not applicable.
-
-Check the value of the "accept_redirects" variables with the following command:
-
-$ sudo sysctl net.ipv6.conf.all.accept_redirects
+$ sudo vi /etc/sysctl.d/ipv6_accept_redirects.conf
 
+Add the following line to the file:
 net.ipv6.conf.all.accept_redirects = 0
 
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this network parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61637r1155756_fix" /><check system="C-61713r1155755_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 ignores IPv6 ICMP redirect messages.
 
-$ sudo grep -r net.ipv6.conf.all.accept_redirects /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
 
-/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.accept_redirects = 0
+Check the value of the "accept_redirects" variable with the following command:
 
-If "net.ipv6.conf.all.accept_redirects" is not set to "0", is missing, or commented out, this is a finding.
+$ sysctl net.ipv6.conf.all.accept_redirects
+net.ipv6.conf.all.accept_redirects = 0
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257973"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257973r1106448_rule" weight="10.0" severity="medium"><version>RHEL-09-254020</version><title>RHEL 9 must not forward IPv6 source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
+If "net.ipv6.conf.all.accept_redirects" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257973"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257973r1155760_rule" weight="10.0" severity="medium"><version>RHEL-09-254020</version><title>RHEL 9 must not forward IPv6 source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61638r1106347_fix">Configure RHEL 9 to not forward IPv6 source-routed packets.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61638r1155759_fix">Configure RHEL 9 to not accept IPv6 source-routed packets.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.all.accept_source_route=0
+$ sudo vi /etc/sysctl.d/ipv6_accept_source_route.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.all.accept_source_route = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61638r1106347_fix" /><check system="C-61714r1106447_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept IPv6 source-routed packets.
+$ sudo sysctl --system</fixtext><fix id="F-61638r1155759_fix" /><check system="C-61714r1155758_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept IPv6 source-routed packets.
 
-Note: If IPv6 is disabled on the system, this requirement is not applicable.
+Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
 
-Check the value of the accept source route variable with the following command:
+Check the value of the "net.ipv6.conf.all.accept_source_route" variable with the following command:
 
 $ sudo sysctl net.ipv6.conf.all.accept_source_route
-
 net.ipv6.conf.all.accept_source_route = 0
 
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo grep -r net.ipv6.conf.all.accept_source_route /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.accept_source_route = 0
+If "net.ipv6.conf.all.accept_source_route" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257974"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257974r1155763_rule" weight="10.0" severity="medium"><version>RHEL-09-254025</version><title>RHEL 9 must not enable IPv6 packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
 
-If "net.ipv6.conf.all.accept_source_route" is not set to "0", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257974"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257974r1106450_rule" weight="10.0" severity="medium"><version>RHEL-09-254025</version><title>RHEL 9 must not enable IPv6 packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
-
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61639r1106349_fix">Configure RHEL 9 to not allow IPv6 packet forwarding, unless the system is a router.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61639r1155762_fix">Configure RHEL 9 to not allow IPv6 packet forwarding, unless the system is a router.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.all.forwarding=0
+$ sudo vi /etc/sysctl.d/ipv6_forwarding.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.all.forwarding = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61639r1106349_fix" /><check system="C-61715r1106449_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is not performing IPv6 packet forwarding, unless the system is a router.
+$ sudo sysctl --system</fixtext><fix id="F-61639r1155762_fix" /><check system="C-61715r1155761_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is not performing IPv6 packet forwarding, unless the system is a router.
 
-Note: If IPv6 is disabled on the system, this requirement is not applicable.
+Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
 
-Check that IPv6 forwarding is disabled using the following commands:
+Check the value of the "net.ipv6.conf.all.forwarding" variable with the following command:
 
 $ sudo sysctl net.ipv6.conf.all.forwarding
-
 net.ipv6.conf.all.forwarding = 0
 
-If the IPv6 forwarding value is not "0" and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo grep -r net.ipv6.conf.all.forwarding /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.forwarding = 0
-
-If "net.ipv6.conf.all.forwarding" is not set to "0", is missing, or commented out, this is a finding.
+If "net.ipv6.conf.all.forwarding" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257975"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257975r1155766_rule" weight="10.0" severity="medium"><version>RHEL-09-254030</version><title>RHEL 9 must not accept router advertisements on all IPv6 interfaces by default.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network. An illicit router advertisement message could result in a man-in-the-middle attack.
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257975"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257975r1106452_rule" weight="10.0" severity="medium"><version>RHEL-09-254030</version><title>RHEL 9 must not accept router advertisements on all IPv6 interfaces by default.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network. An illicit router advertisement message could result in a man-in-the-middle attack.
-
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61640r1106351_fix">Configure RHEL 9 to not accept router advertisements on all IPv6 interfaces by default unless the system is a router.
-
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
-
-net.ipv6.conf.default.accept_ra=0
-
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
-
-Load settings from all system configuration files with the following command:
-
-$ sudo sysctl --system</fixtext><fix id="F-61640r1106351_fix" /><check system="C-61716r1106451_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept router advertisements on all IPv6 interfaces by default, unless the system is a router.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61640r1155765_fix">Configure RHEL 9 to not accept router advertisements on all IPv6 interfaces by default unless the system is a router.
 
-Note: If IPv6 is disabled on the system, this requirement is not applicable.
+Create a configuration file if it does not already exist:
 
-Check to see if router advertisements are not accepted by default by using the following command:
-
-$ sudo sysctl  net.ipv6.conf.default.accept_ra
+$ sudo vi /etc/sysctl.d/ipv6_accept_ra.conf
 
+Add the following line to the file:
 net.ipv6.conf.default.accept_ra = 0
 
-If the "accept_ra" value is not "0" and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
+Reload settings from all system configuration files with the following command:
 
-Check that the configuration files are present to enable this network parameter.
+$ sudo sysctl --system</fixtext><fix id="F-61640r1155765_fix" /><check system="C-61716r1155764_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept router advertisements on all IPv6 interfaces by default, unless the system is a router.
 
-$ sudo grep -r net.ipv6.conf.default.accept_ra /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
+Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
 
-/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.default.accept_ra = 0
+Check the value of the "net.ipv6.conf.default.accept_ra" variable with the following command:
 
-If "net.ipv6.conf.default.accept_ra" is not set to "0", is missing, or commented out, this is a finding.
+$ sudo sysctl net.ipv6.conf.default.accept_ra
+net.ipv6.conf.default.accept_ra = 0
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257976"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257976r1106454_rule" weight="10.0" severity="medium"><version>RHEL-09-254035</version><title>RHEL 9 must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
+If "net.ipv6.conf.default.accept_ra" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257976"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257976r1155769_rule" weight="10.0" severity="medium"><version>RHEL-09-254035</version><title>RHEL 9 must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61641r1106353_fix">Configure RHEL 9 to prevent IPv6 ICMP redirect messages from being accepted.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61641r1155768_fix">Configure RHEL 9 to prevent IPv6 ICMP redirect messages from being accepted.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.default.accept_redirects = 0
+$ sudo vi /etc/sysctl.d/ipv6_accept_redirects.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.default.accept_redirects = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61641r1106353_fix" /><check system="C-61717r1106453_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 will not accept IPv6 ICMP redirect messages.
+$ sudo sysctl --system</fixtext><fix id="F-61641r1155768_fix" /><check system="C-61717r1155767_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 to prevent IPv6 ICMP redirect messages.
 
-Note: If IPv6 is disabled on the system, this requirement is not applicable.
+Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
 
-Check the value of the default "accept_redirects" variables with the following command:
+Check the value of the "net.ipv6.conf.default.accept_redirects" variables with the following command:
 
 $ sudo sysctl net.ipv6.conf.default.accept_redirects
-
 net.ipv6.conf.default.accept_redirects = 0
 
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo grep -r net.ipv6.conf.default.accept_redirects /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.default.accept_redirects = 0
-
-If "net.ipv6.conf.default.accept_redirects" is not set to "0", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257977"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257977r1106456_rule" weight="10.0" severity="medium"><version>RHEL-09-254040</version><title>RHEL 9 must not forward IPv6 source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
+If "net.ipv6.conf.default.accept_redirects" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257977"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257977r1155772_rule" weight="10.0" severity="medium"><version>RHEL-09-254040</version><title>RHEL 9 must not forward IPv6 source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
 
 Accepting source-routed packets in the IPv6 protocol has few legitimate uses. It must be disabled unless it is absolutely required.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
 /usr/local/lib/sysctl.d/*.conf
 /usr/lib/sysctl.d/*.conf
 /lib/sysctl.d/*.conf
-/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61642r1106355_fix">Configure RHEL 9 to not forward IPv6 source-routed packets by default.
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61642r1155771_fix">Configure RHEL 9 to not accept IPv6 source-routed packets by default.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.default.accept_source_route=0
+$ sudo vi /etc/sysctl.d/ipv6_accept_source_route.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.default.accept_source_route = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
-$ sudo sysctl --system</fixtext><fix id="F-61642r1106355_fix" /><check system="C-61718r1106455_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept IPv6 source-routed packets by default.
+$ sudo sysctl --system</fixtext><fix id="F-61642r1155771_fix" /><check system="C-61718r1155770_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 does not accept IPv6 source-routed packets by default.
 
-Note: If IPv6 is disabled on the system, this requirement is not applicable.
+Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
 
-Check the value of the accept source route variable with the following command:
+Check the value of the "net.ipv6.conf.default.accept_source_route" variables with the following command:
 
 $ sudo sysctl net.ipv6.conf.default.accept_source_route
-
 net.ipv6.conf.default.accept_source_route = 0
 
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
-
-Check that the configuration files are present to enable this network parameter.
-
-$ sudo grep -r net.ipv6.conf.default.accept_source_route /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.default.accept_source_route = 0
-
-If "net.ipv6.conf.default.accept_source_route" is not set to "0", is missing, or commented out, this is a finding.
-
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-257978"><title>SRG-OS-000423-GPOS-00187</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257978r1045013_rule" weight="10.0" severity="medium"><version>RHEL-09-255010</version><title>All RHEL 9 networked systems must have SSH installed.</title><description>&lt;VulnDiscussion&gt;Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. 
+If "net.ipv6.conf.default.accept_source_route" is not set to "0" or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-257978"><title>SRG-OS-000423-GPOS-00187</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257978r1045013_rule" weight="10.0" severity="medium"><version>RHEL-09-255010</version><title>All RHEL 9 networked systems must have SSH installed.</title><description>&lt;VulnDiscussion&gt;Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. 
 
 This requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. 
 
@@ -3716,10 +3318,10 @@ root /etc/ssh/sshd_config.d
 root /etc/ssh/sshd_config.d/50-cloud-init.conf
 root /etc/ssh/sshd_config.d/50-redhat.conf
 
-If the "/etc/ssh/sshd_config" file or "/etc/ssh/sshd_config.d" or any files in the "sshd_config.d" directory do not have an owner of "root", this is a finding.</check-content></check></Rule></Group><Group id="V-257999"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257999r1134918_rule" weight="10.0" severity="medium"><version>RHEL-09-255115</version><title>RHEL 9 SSH server configuration files' permissions must not be modified.</title><description>&lt;VulnDiscussion&gt;Service configuration files enable or disable features of their respective services, that if configured incorrectly, can lead to insecure and vulnerable configurations. Therefore, service configuration files must have correct permissions (owner, group owner, mode) to prevent unauthorized changes.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61664r1134917_fix">Run the following commands to restore the correct permissions of OpenSSH server configuration files:
+If the "/etc/ssh/sshd_config" file or "/etc/ssh/sshd_config.d" or any files in the "sshd_config.d" directory do not have an owner of "root", this is a finding.</check-content></check></Rule></Group><Group id="V-257999"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-257999r1155686_rule" weight="10.0" severity="medium"><version>RHEL-09-255115</version><title>RHEL 9 SSH server configuration files' permissions must not be modified.</title><description>&lt;VulnDiscussion&gt;Service configuration files enable or disable features of their respective services, that if configured incorrectly, can lead to insecure and vulnerable configurations. Therefore, service configuration files must have correct permissions (owner, group owner, mode) to prevent unauthorized changes.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61664r1155685_fix">Run the following commands to restore the correct permissions of OpenSSH server configuration files:
 
-$ rpm --setugids openssh-server
-$ rpm --setperms openssh-server</fixtext><fix id="F-61664r1134917_fix" /><check system="C-61740r1134916_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the permissions of the "/etc/ssh/sshd_config" file with the following command:
+$ sudo rpm --setugids openssh-server
+$ sudo rpm --setperms openssh-server</fixtext><fix id="F-61664r1155685_fix" /><check system="C-61740r1134916_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the permissions of the "/etc/ssh/sshd_config" file with the following command:
 
 $ sudo rpm --verify openssh-server | awk '! ($2 == "c" &amp;&amp; $1 ~ /^.\..\.\.\.\..\./) {print $0}'
 
@@ -3755,7 +3357,12 @@ $ sudo stat -c "%a %n" /etc/ssh/*.pub
 644 /etc/ssh/ssh_host_ed25519_key.pub
 644 /etc/ssh/ssh_host_rsa_key.pub
 
-If any key.pub file has a mode more permissive than "0644", this is a finding.</check-content></check></Rule></Group><Group id="V-258002"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258002r991589_rule" weight="10.0" severity="medium"><version>RHEL-09-255130</version><title>RHEL 9 SSH daemon must not allow compression or must only allow compression after successful authentication.</title><description>&lt;VulnDiscussion&gt;If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61667r925992_fix">Configure the SSH daemon to not allow compression.
+If any key.pub file has a mode more permissive than "0644", this is a finding.</check-content></check></Rule></Group><Group id="V-258002"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258002r1155590_rule" weight="10.0" severity="medium"><version>RHEL-09-255130</version><title>RHEL 9 SSH daemon must not allow compression or must only allow compression after successful authentication.</title><description>&lt;VulnDiscussion&gt;If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.
+
+Compression options are:
+no - disables compression
+delayed - allow compression only after authentication
+yes - enables compression before authentication, which can leak sensitive metadata and is not recommended&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61667r925992_fix">Configure the SSH daemon to not allow compression.
 
 Uncomment the "Compression" keyword in "/etc/ssh/sshd_config" on the system and set the value to "delayed" or "no":
 
@@ -3763,11 +3370,10 @@ Compression no
 
 The SSH service must be restarted for changes to take effect:
 
-$ sudo systemctl restart sshd.service</fixtext><fix id="F-61667r925992_fix" /><check system="C-61743r952199_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the SSH daemon performs compression after a user successfully authenticates with the following command:
+$ sudo systemctl restart sshd.service</fixtext><fix id="F-61667r925992_fix" /><check system="C-61743r1155589_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the RHEL 9 SSH daemon performs compression after a user successfully authenticates with the following command:
 
 $ sudo /usr/sbin/sshd -dd 2&gt;&amp;1 | awk '/filename/ {print $4}' | tr -d '\r' | tr '\n' ' ' | xargs sudo grep -iH '^\s*compression'
-
-Compression delayed
+/etc/ssh/sshd_config:Compression no
 
 If the "Compression" keyword is set to "yes", is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258003"><title>SRG-OS-000364-GPOS-00151</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258003r1045065_rule" weight="10.0" severity="medium"><version>RHEL-09-255135</version><title>RHEL 9 SSH daemon must not allow GSSAPI authentication.</title><description>&lt;VulnDiscussion&gt;Generic Security Service Application Program Interface (GSSAPI) authentication is used to provide additional authentication mechanisms to applications. Allowing GSSAPI authentication through SSH exposes the system's GSSAPI to remote hosts, increasing the attack surface of the system.
 
@@ -4009,7 +3615,7 @@ $ gsettings get org.gnome.desktop.media-handling autorun-never
 
 true
 
-If "autorun-never" is set to "false", and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-258017"><title>SRG-OS-000114-GPOS-00059</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258017r1045088_rule" weight="10.0" severity="medium"><version>RHEL-09-271035</version><title>RHEL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function.</title><description>&lt;VulnDiscussion&gt;Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.
+If "autorun-never" is set to "false", and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-258017"><title>SRG-OS-000114-GPOS-00059</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258017r1155688_rule" weight="10.0" severity="medium"><version>RHEL-09-271035</version><title>RHEL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function.</title><description>&lt;VulnDiscussion&gt;Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.
 
 Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000778</ident><ident system="http://cyber.mil/cci">CCI-001958</ident><fixtext fixref="F-61682r926037_fix">Configure the GNOME desktop to not allow a user to change the setting that disables autorun on removable media.
 
@@ -4019,11 +3625,11 @@ Add the following line to "/etc/dconf/db/local.d/locks/00-security-settings-lock
 
 Then update the dconf system databases:
 
-$ sudo dconf update</fixtext><fix id="F-61682r926037_fix" /><check system="C-61758r1045087_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: This requirement assumes the use of the RHEL 9 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is Not Applicable.
+$ sudo dconf update</fixtext><fix id="F-61682r926037_fix" /><check system="C-61758r1155687_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: This requirement assumes the use of the RHEL 9 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is Not Applicable.
 
 Verify RHEL 9 disables ability of the user to override the graphical user interface autorun setting.
 
-Determine which profile the system database is using with the following command:
+Check that the autorun setting is set to prevent user modification with the following command:
 
 $ gsettings writable org.gnome.desktop.media-handling autorun-never
  
@@ -4144,31 +3750,31 @@ $ gsettings writable org.gnome.desktop.screensaver lock-enabled
  
 false
  
-If "lock-enabled" is writable and the result is "true", this is a finding.</check-content></check></Rule></Group><Group id="V-258023"><title>SRG-OS-000029-GPOS-00010</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258023r958402_rule" weight="10.0" severity="medium"><version>RHEL-09-271065</version><title>RHEL 9 must automatically lock graphical user sessions after 15 minutes of inactivity.</title><description>&lt;VulnDiscussion&gt;A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, the GNOME desktop can be configured to identify when a user's session has idled and take action to initiate a session lock.
+If "lock-enabled" is writable and the result is "true", this is a finding.</check-content></check></Rule></Group><Group id="V-258023"><title>SRG-OS-000029-GPOS-00010</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258023r1155656_rule" weight="10.0" severity="medium"><version>RHEL-09-271065</version><title>RHEL 9 must automatically lock graphical user sessions after 10 minutes of inactivity.</title><description>&lt;VulnDiscussion&gt;A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, the GNOME desktop can be configured to identify when a user's session has idled and take action to initiate a session lock.
 
-Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000057</ident><ident system="http://cyber.mil/cci">CCI-000060</ident><fixtext fixref="F-61688r926055_fix">Configure RHEL 9 to initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.
+Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000057</ident><ident system="http://cyber.mil/cci">CCI-000060</ident><fixtext fixref="F-61688r1155655_fix">Configure RHEL 9 to initiate a screensaver after a 10-minute period of inactivity for graphical user interfaces.
 
-Create a database to contain the system-wide screensaver settings (if it does not already exist) with the following command:
+Create a database to contain the systemwide screensaver settings (if it does not already exist) with the following command:
 
 $ sudo touch /etc/dconf/db/local.d/00-screensaver
 
 Edit /etc/dconf/db/local.d/00-screensaver and add or update the following lines:
 
 [org/gnome/desktop/session]
-# Set the lock time out to 900 seconds before the session is considered idle
-idle-delay=uint32 900
+# Set the lock time out to 600 seconds before the session is considered idle
+idle-delay=uint32 600
 
 Update the system databases:
 
-$ sudo dconf update</fixtext><fix id="F-61688r926055_fix" /><check system="C-61764r926054_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 initiates a session lock after a 15-minute period of inactivity for graphical user interfaces with the following command:
+$ sudo dconf update</fixtext><fix id="F-61688r1155655_fix" /><check system="C-61764r1155654_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 initiates a session lock after a 10-minute period of inactivity for graphical user interfaces with the following command:
 
 Note: This requirement assumes the use of the RHEL 9 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is Not Applicable.
 
 $ sudo gsettings get org.gnome.desktop.session idle-delay
 
-uint32 900
+uint32 600
 
-If "idle-delay" is set to "0" or a value greater than "900", this is a finding.</check-content></check></Rule></Group><Group id="V-258024"><title>SRG-OS-000029-GPOS-00010</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258024r1045100_rule" weight="10.0" severity="medium"><version>RHEL-09-271070</version><title>RHEL 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface.</title><description>&lt;VulnDiscussion&gt;A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, the GNOME desktop can be configured to identify when a user's session has idled and take action to initiate the session lock. As such, users should not be allowed to change session settings.
+If "idle-delay" is set to "0" or a value greater than "600", this is a finding.</check-content></check></Rule></Group><Group id="V-258024"><title>SRG-OS-000029-GPOS-00010</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258024r1045100_rule" weight="10.0" severity="medium"><version>RHEL-09-271070</version><title>RHEL 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface.</title><description>&lt;VulnDiscussion&gt;A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, the GNOME desktop can be configured to identify when a user's session has idled and take action to initiate the session lock. As such, users should not be allowed to change session settings.
 
 Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000057</ident><ident system="http://cyber.mil/cci">CCI-000060</ident><fixtext fixref="F-61689r1045099_fix">Configure RHEL 9 to prevent a user from overriding settings for graphical user interfaces.
 
@@ -4621,22 +4227,25 @@ djohnson:x:1002:1002:djohnson:/home/djohnson:/bin/bash
 
 Inspect the output and verify that all interactive users (normally users with a user identifier (UID) greater that 1000) have a home directory defined.
 
-If users home directory is not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-258052"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258052r991589_rule" weight="10.0" severity="medium"><version>RHEL-09-411065</version><title>All RHEL 9 local interactive user home directories defined in the /etc/passwd file must exist.</title><description>&lt;VulnDiscussion&gt;If a local interactive user has a home directory defined that does not exist, the user may be given access to the / directory as the current working directory upon logon. This could create a denial of service because the user would not be able to access their logon configuration files, and it may give them visibility to system files they normally would not be able to access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61717r926142_fix">Create home directories to all local interactive users that currently do not have a home directory assigned. Use the following commands to create the user home directory assigned in "/etc/ passwd":
+If users home directory is not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-258052"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258052r1155588_rule" weight="10.0" severity="medium"><version>RHEL-09-411065</version><title>All RHEL 9 local interactive user home directories defined in the /etc/passwd file must exist.</title><description>&lt;VulnDiscussion&gt;If a local interactive user has a home directory defined that does not exist, the user may be given access to the / directory as the current working directory upon logon. This could create a denial of service because the user would not be able to access their logon configuration files, and it may give them visibility to system files they normally would not be able to access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61717r1155587_fix">Create home directories to all local interactive users that currently do not have a home directory assigned. Use the following commands to create the user home directory assigned in "/etc/ passwd":
 
-Note: The example will be for the user wadea, who has a home directory of "/home/wadea", a user identifier (UID) of "wadea", and a Group Identifier (GID) of "users assigned" in "/etc/passwd".
+Note: The example will be for the user wadea, who has a home directory of "/home/wadea", a user identifier (UID) of "wadea", and a group identifier (GID) of "users assigned" in "/etc/passwd".
 
 $ sudo mkdir /home/wadea 
 $ sudo chown wadea /home/wadea
 $ sudo chgrp users /home/wadea
-$ sudo chmod 0750 /home/wadea</fixtext><fix id="F-61717r926142_fix" /><check system="C-61793r926141_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the assigned home directories of all interactive users on the system exist with the following command:
+$ sudo chmod 0750 /home/wadea</fixtext><fix id="F-61717r1155587_fix" /><check system="C-61793r1155586_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the assigned home directories of all interactive users on the system exist with the following command:
 
 $ sudo pwck -r 
 
-user 'mailnull': directory 'var/spool/mqueue' does not exist
+The output should not return any interactive (human) users.
+
+Ask the system administrator (SA) if any users found without home directories are local interactive users. 
+If the SA is unable to provide a response, check for users with a user identifier (UID) of 1000 or greater with the following command:
 
-The output should not return any interactive users.
+$ awk -F: '($3&gt;=1000)&amp;&amp;($1!="nobody"){print $1 ":" $3}' /etc/passwd
 
-If users home directory does not exist, this is a finding.</check-content></check></Rule></Group><Group id="V-258053"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258053r991589_rule" weight="10.0" severity="medium"><version>RHEL-09-411070</version><title>All RHEL 9 local interactive user home directories must be group-owned by the home directory owner's primary group.</title><description>&lt;VulnDiscussion&gt;If the Group Identifier (GID) of a local interactive users home directory is not the same as the primary GID of the user, this would allow unauthorized access to the users files, and users that share the same group may not be able to access files that they legitimately should.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61718r926145_fix">Change the group owner of a local interactive user's home directory to the group found in "/etc/passwd". To change the group owner of a local interactive user's home directory, use the following command:
+If any interactive users do not have a home directory assigned, this is a finding.</check-content></check></Rule></Group><Group id="V-258053"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258053r991589_rule" weight="10.0" severity="medium"><version>RHEL-09-411070</version><title>All RHEL 9 local interactive user home directories must be group-owned by the home directory owner's primary group.</title><description>&lt;VulnDiscussion&gt;If the Group Identifier (GID) of a local interactive users home directory is not the same as the primary GID of the user, this would allow unauthorized access to the users files, and users that share the same group may not be able to access files that they legitimately should.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61718r926145_fix">Change the group owner of a local interactive user's home directory to the group found in "/etc/passwd". To change the group owner of a local interactive user's home directory, use the following command:
 
 Note: The example will be for the user "wadea", who has a home directory of "/home/wadea", and has a primary group of users.
 
@@ -4748,15 +4357,7 @@ If the "dir" option is not set to a nondefault documented tally log directory or
  
  $  cut -d : -f 3 /etc/group | uniq -d
  
-If the system has duplicate GIDs, this is a finding.</check-content></check></Rule></Group><Group id="V-258062"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258062r991589_rule" weight="10.0" severity="medium"><version>RHEL-09-411115</version><title>Local RHEL 9 initialization files must not execute world-writable programs.</title><description>&lt;VulnDiscussion&gt;If user start-up files execute world-writable programs, especially in unprotected directories, they could be maliciously modified to destroy user files or otherwise compromise the system at the user level. If the system is compromised at the user level, it is easier to elevate privileges to eventually compromise the system at the root and network level.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61727r926172_fix">Set the mode on files being executed by the local initialization files with the following command:
-
-$ sudo chmod 0755 &lt;file&gt;</fixtext><fix id="F-61727r926172_fix" /><check system="C-61803r926171_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that local initialization files do not execute world-writable programs with the following command:
-
-Note: The example will be for a system that is configured to create user home directories in the "/home" directory.
-
-$ sudo find /home -perm -002 -type f -name ".[^.]*" -exec ls -ld {} \; 
-
-If any local initialization files are found to reference world-writable files, this is a finding.</check-content></check></Rule></Group><Group id="V-258068"><title>SRG-OS-000163-GPOS-00072</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258068r1101950_rule" weight="10.0" severity="medium"><version>RHEL-09-412035</version><title>RHEL 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.</title><description>&lt;VulnDiscussion&gt;Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.
+If the system has duplicate GIDs, this is a finding.</check-content></check></Rule></Group><Group id="V-258068"><title>SRG-OS-000163-GPOS-00072</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258068r1101950_rule" weight="10.0" severity="medium"><version>RHEL-09-412035</version><title>RHEL 9 must automatically exit interactive command shell user sessions after 10 minutes of inactivity.</title><description>&lt;VulnDiscussion&gt;Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console.
 
 Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000029-GPOS-00010&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000057</ident><ident system="http://cyber.mil/cci">CCI-001133</ident><fixtext fixref="F-61733r1014871_fix">Configure RHEL 9 to exit interactive command shell user sessions after 10 minutes of inactivity.
 
@@ -4862,29 +4463,28 @@ $ grep umask /etc/profile
 
 umask 077
 
-If the value for the "umask" parameter is not "077", or the "umask" parameter is missing or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258076"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258076r991589_rule" weight="10.0" severity="low"><version>RHEL-09-412075</version><title>RHEL 9 must display the date and time of the last successful account logon upon logon.</title><description>&lt;VulnDiscussion&gt;Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61741r926214_fix">Configure RHEL 9 to provide users with feedback on when account accesses last occurred by setting the required configuration options in "/etc/pam.d/postlogin". 
+If the value for the "umask" parameter is not "077", or the "umask" parameter is missing or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258077"><title>SRG-OS-000163-GPOS-00072</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258077r1155659_rule" weight="10.0" severity="medium"><version>RHEL-09-412080</version><title>RHEL 9 must terminate idle user sessions.</title><description>&lt;VulnDiscussion&gt;Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001133</ident><fixtext fixref="F-61742r1155658_fix">Configure RHEL 9 to log out idle sessions.
 
-Add the following line to the top of "/etc/pam.d/postlogin":
+Create the directory if necessary:
 
-session required pam_lastlog.so showfailed</fixtext><fix id="F-61741r926214_fix" /><check system="C-61817r926213_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify users are provided with feedback on when account accesses last occurred with the following command:
+$ mkdir -p /etc/systemd/logind.conf.d/
 
-$ sudo grep pam_lastlog /etc/pam.d/postlogin
+Create a *.conf file in /etc/systemd/logind.conf.d/ with the following content:
 
-session required pam_lastlog.so showfailed
+[Login]
+StopIdleSessionSec=600
+KillUserProcesses=no
 
-If "pam_lastlog" is missing from "/etc/pam.d/postlogin" file, or the silent option is present, this is a finding.</check-content></check></Rule></Group><Group id="V-258077"><title>SRG-OS-000163-GPOS-00072</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258077r1014874_rule" weight="10.0" severity="medium"><version>RHEL-09-412080</version><title>RHEL 9 must terminate idle user sessions.</title><description>&lt;VulnDiscussion&gt;Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001133</ident><fixtext fixref="F-61742r1014873_fix">Configure RHEL 9 to log out idle sessions by editing the /etc/systemd/logind.conf file with the following line:
+Restart systemd-logind:
 
-StopIdleSessionSec=900
+$ systemctl restart systemd-logind</fixtext><fix id="F-61742r1155658_fix" /><check system="C-61818r1155657_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 logs out sessions that are idle for 10 minutes with the following command:
 
-The "logind" service must be restarted for the changes to take effect. To restart the "logind" service, run the following command:
+$ systemd-analyze cat-config systemd/logind.conf | grep StopIdleSessionSec
 
-$ sudo systemctl restart systemd-logind</fixtext><fix id="F-61742r1014873_fix" /><check system="C-61818r926216_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL 9 logs out sessions that are idle for 15 minutes with the following command:
+#StopIdleSessionSec=infinity
+StopIdleSessionSec=600
 
-$ sudo grep -i ^StopIdleSessionSec /etc/systemd/logind.conf
-
-StopIdleSessionSec=900
-
-If "StopIdleSessionSec" is not configured to "900" seconds, this is a finding.</check-content></check></Rule></Group><Group id="V-258078"><title>SRG-OS-000445-GPOS-00199</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258078r958944_rule" weight="10.0" severity="high"><version>RHEL-09-431010</version><title>RHEL 9 must use a Linux Security Module configured to enforce limits on system services.</title><description>&lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
+If "StopIdleSessionSec" is not configured to "600" seconds, this is a finding.</check-content></check></Rule></Group><Group id="V-258078"><title>SRG-OS-000445-GPOS-00199</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258078r958944_rule" weight="10.0" severity="high"><version>RHEL-09-431010</version><title>RHEL 9 must use a Linux Security Module configured to enforce limits on system services.</title><description>&lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
 
 This requirement applies to operating systems performing security function verification/testing and/or systems and environments that require this functionality.
 
@@ -5048,7 +4648,7 @@ $ sudo grep -iwR 'ALL' /etc/sudoers /etc/sudoers.d/ | grep -v '#'
 
 If the either of the following entries are returned, this is a finding:
 ALL     ALL=(ALL) ALL
-ALL     ALL=(ALL:ALL) ALL</check-content></check></Rule></Group><Group id="V-258088"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258088r1050789_rule" weight="10.0" severity="medium"><version>RHEL-09-432035</version><title>RHEL 9 must restrict the use of the "su" command.</title><description>&lt;VulnDiscussion&gt;The "su" program allows to run commands with a substitute user and group ID. It is commonly used to run commands as the root user. Limiting access to such commands is considered a good security practice.
+ALL     ALL=(ALL:ALL) ALL</check-content></check></Rule></Group><Group id="V-258088"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258088r1155643_rule" weight="10.0" severity="medium"><version>RHEL-09-432035</version><title>RHEL 9 must restrict the use of the "su" command.</title><description>&lt;VulnDiscussion&gt;The "su" program allows to run commands with a substitute user and group ID. It is commonly used to run commands as the root user. Limiting access to such commands is considered a good security practice.
 
 Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000312-GPOS-00123&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-004895</ident><ident system="http://cyber.mil/cci">CCI-002165</ident><ident system="http://cyber.mil/cci">CCI-002038</ident><fixtext fixref="F-61753r926250_fix">Configure RHEL 9 to require users to be in the "wheel" group to run "su" command.
 
@@ -5058,13 +4658,13 @@ In file "/etc/pam.d/su", uncomment the following line:
 
 $ sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su
 
-If necessary, create a "wheel" group and add administrative users to the group.</fixtext><fix id="F-61753r926250_fix" /><check system="C-61829r926249_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL 9 requires uses to be members of the "wheel" group with the following command:
+If necessary, create a "wheel" group and add administrative users to the group.</fixtext><fix id="F-61753r926250_fix" /><check system="C-61829r1155642_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 includes users who require privilege escalation to be members of the "wheel" group with the following command:
 
-$ grep pam_wheel /etc/pam.d/su 
+$ sudo grep pam_wheel /etc/pam.d/su 
 
 auth             required        pam_wheel.so use_uid 
 
-If a line for "pam_wheel.so" does not exist, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258089"><title>SRG-OS-000370-GPOS-00155</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258089r1045179_rule" weight="10.0" severity="medium"><version>RHEL-09-433010</version><title>RHEL 9 fapolicy module must be installed.</title><description>&lt;VulnDiscussion&gt;The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as allow listing.
+If a line for "pam_wheel.so" does not exist, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258089"><title>SRG-OS-000370-GPOS-00155</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258089r1045179_rule" weight="10.0" severity="medium"><version>RHEL-09-433010</version><title>RHEL 9 fapolicy module must be installed.</title><description>&lt;VulnDiscussion&gt;The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as allow listing.
 
 Utilizing an allow list provides a configuration management method for allowing the execution of only authorized software. Using only authorized software decreases risk by limiting the number of potential vulnerabilities. Verification of allow listed software occurs prior to execution or at system startup.
 
@@ -5448,17 +5048,17 @@ $ sudo passwd -l [username]</fixtext><fix id="F-61785r926346_fix" /><check syste
 
 $ sudo awk -F: '!$2 {print $1}' /etc/shadow
 
-If the command returns any results, this is a finding.</check-content></check></Rule></Group><Group id="V-258121"><title>SRG-OS-000104-GPOS-00051</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258121r1102086_rule" weight="10.0" severity="medium"><version>RHEL-09-611160</version><title>RHEL 9 must use the common access card (CAC) smart card driver.</title><description>&lt;VulnDiscussion&gt;Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards.
+If the command returns any results, this is a finding.</check-content></check></Rule></Group><Group id="V-258121"><title>SRG-OS-000104-GPOS-00051</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258121r1155682_rule" weight="10.0" severity="medium"><version>RHEL-09-611160</version><title>RHEL 9 must use the common access card (CAC) smart card driver.</title><description>&lt;VulnDiscussion&gt;Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards.
 
-Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000109-GPOS-00056, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000764</ident><ident system="http://cyber.mil/cci">CCI-000766</ident><ident system="http://cyber.mil/cci">CCI-000765</ident><ident system="http://cyber.mil/cci">CCI-004045</ident><ident system="http://cyber.mil/cci">CCI-001941</ident><ident system="http://cyber.mil/cci">CCI-000767</ident><ident system="http://cyber.mil/cci">CCI-000768</ident><ident system="http://cyber.mil/cci">CCI-000770</ident><ident system="http://cyber.mil/cci">CCI-001942</ident><fixtext fixref="F-61786r1045242_fix">Configure RHEL 9 to load the CAC driver.
+Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000109-GPOS-00056, SRG-OS-000108-GPOS-00055, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000764</ident><ident system="http://cyber.mil/cci">CCI-000766</ident><ident system="http://cyber.mil/cci">CCI-000765</ident><ident system="http://cyber.mil/cci">CCI-004045</ident><ident system="http://cyber.mil/cci">CCI-001941</ident><ident system="http://cyber.mil/cci">CCI-000767</ident><ident system="http://cyber.mil/cci">CCI-000768</ident><ident system="http://cyber.mil/cci">CCI-000770</ident><ident system="http://cyber.mil/cci">CCI-001942</ident><fixtext fixref="F-61786r1155681_fix">Configure RHEL 9 to load the CAC driver.
 
-$ sudo opensc-tool --set-conf-entry app:default:card_driver:cac
+$ sudo opensc-tool --set-conf-entry app:default:card_drivers:cac
 
 Restart the pcscd service to apply the changes:
 
-$ sudo systemctl restart pcscd</fixtext><fix id="F-61786r1045242_fix" /><check system="C-61862r1102085_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL loads the CAC driver with the following command:
+$ sudo systemctl restart pcscd</fixtext><fix id="F-61786r1155681_fix" /><check system="C-61862r1155680_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL loads the CAC driver with the following command:
 
-$ sudo opensc-tool --get-conf-entry app:default:card_drivers cac
+$ sudo opensc-tool --get-conf-entry app:default:card_drivers
 
 cac
 
@@ -5541,15 +5141,15 @@ Example output:
 
 opensc.x86_64          0.22.0-2.el9
 
-If the "opensc" package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-258127"><title>SRG-OS-000067-GPOS-00035</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258127r1134925_rule" weight="10.0" severity="medium"><version>RHEL-09-611190</version><title>RHEL 9, for PKI-based authentication, must enforce authorized access to the corresponding private key.</title><description>&lt;VulnDiscussion&gt;If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure.
+If the "opensc" package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-258127"><title>SRG-OS-000067-GPOS-00035</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258127r1155648_rule" weight="10.0" severity="medium"><version>RHEL-09-611190</version><title>RHEL 9, for PKI-based authentication, must enforce authorized access to the corresponding private key.</title><description>&lt;VulnDiscussion&gt;If the private key is discovered, an attacker can use the key to authenticate as an authorized user and gain access to the network infrastructure.
 
 The cornerstone of the PKI is the private key used to encrypt or digitally sign information.
 
 If the private key is stolen, this will lead to the compromise of the authentication and nonrepudiation gained through PKI because the attacker can use the private key to digitally sign documents and pretend to be the authorized user.
 
-Both the holders of a digital certificate and the issuing authority must protect the computers, storage devices, or whatever they use to keep the private keys.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000186</ident><fixtext fixref="F-61792r926367_fix">Create a new private and public key pair that utilizes a passcode with the following command:
+Both the holders of a digital certificate and the issuing authority must protect the computers, storage devices, or whatever they use to keep the private keys.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000186</ident><fixtext fixref="F-61792r1155647_fix">Create a new private and public key pair that utilizes a passcode with the following command:
 
-$ sudo ssh-keygen -n [passphrase]</fixtext><fix id="F-61792r926367_fix" /><check system="C-61868r1134924_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: If the system administrator demonstrates the use of an approved alternate multifactor authentication method, this requirement is not applicable.
+$ sudo ssh-keygen -N [passphrase]</fixtext><fix id="F-61792r1155647_fix" /><check system="C-61868r1134924_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: If the system administrator demonstrates the use of an approved alternate multifactor authentication method, this requirement is not applicable.
 
 Verify the SSH private key files have a passcode.
 
@@ -5560,43 +5160,61 @@ $ sudo ssh-keygen -y -f /path/to/file
 The expected output is a password prompt:
  "Enter passphrase:"
 
-If the password prompt is not displayed, and the contents of the key are displayed, this is a finding.</check-content></check></Rule></Group><Group id="V-258128"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258128r1117265_rule" weight="10.0" severity="medium"><version>RHEL-09-611195</version><title>RHEL 9 must require authentication to access emergency mode.</title><description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
+If the password prompt is not displayed, and the contents of the key are displayed, this is a finding.</check-content></check></Rule></Group><Group id="V-258128"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258128r1155626_rule" weight="10.0" severity="medium"><version>RHEL-09-611195</version><title>RHEL 9 must require authentication to access emergency mode.</title><description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
+
+This requirement prevents attackers with physical access from trivially bypassing security on the machine and gaining root access. Such accesses are further prevented by configuring the bootloader password.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-61793r1155625_fix">Configure RHEL 9 to require authentication for emergency mode.
+
+Create a directory for supplementary configuration files: 
+$ sudo mkdir /etc/systemd/system/emergency.service.d/
 
-This requirement prevents attackers with physical access from trivially bypassing security on the machine and gaining root access. Such accesses are further prevented by configuring the bootloader password.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-61793r926370_fix">Configure RHEL 9 to require authentication for emergency mode.
+Copy the original file emergency.service file to the new directory with:
+$ sudo cp  /usr/lib/systemd/system/emergency.service  /etc/systemd/system/emergency.service.d/emergency.service.conf
 
-Add or modify the following line in the "/usr/lib/systemd/system/emergency.service" file:
+Open the new file:
+$ sudo vi /etc/systemd/system/emergency.service.d/emergency.service.conf
 
-ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency</fixtext><fix id="F-61793r926370_fix" /><check system="C-61869r926369_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL 9 requires authentication for emergency mode with the following command:
+Add or modify the following line in the new file:
+ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
+
+Comment out or remove the ExecStart and ExecStartPre lines in /usr/lib/systemd/system/emergency.service as they can only exist in one location.
+
+Apply changes to unit files without rebooting the system:
+$ sudo systemctl daemon-reload</fixtext><fix id="F-61793r1155625_fix" /><check system="C-61869r1155624_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 requires authentication for emergency mode with the following command:
 
 $ grep sulogin /usr/lib/systemd/system/emergency.service 
 
 ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
 
-If this line is not returned, or is commented out, this is a finding. If the output is different, this is a finding.</check-content></check></Rule></Group><Group id="V-258129"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258129r1117265_rule" weight="10.0" severity="medium"><version>RHEL-09-611200</version><title>RHEL 9 must require authentication to access single-user mode.</title><description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
+If the line is not returned from the default systemd file, use the following command to look for modifications to the emergency.service:
+
+$ grep sulogin /etc/systemd/system/emergency.service.d/*.conf 
+
+If the line is not returned from either location this is a finding.
+
+Note: The configuration setting can only be in either the default location, or in the drop in file, not both locations.</check-content></check></Rule></Group><Group id="V-258129"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258129r1155628_rule" weight="10.0" severity="medium"><version>RHEL-09-611200</version><title>RHEL 9 must require authentication to access single-user mode.</title><description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
 
 This requirement prevents attackers with physical access from trivially bypassing security on the machine and gaining root access. Such accesses are further prevented by configuring the bootloader password.
 
 To modify properties, such as dependencies or timeouts, of a service that is handled by a SysV initscript, do not modify the initscript itself. Instead, create a systemd drop-in configuration file for the service. Then manage this service in the same way as a normal systemd service.
 
-For example, to extend the configuration of the network service, do not modify the /etc/rc.d/init.d/network initscript file. Instead, create new directory /etc/systemd/system/network.service.d/ and a systemd drop-in file /etc/systemd/system/network.service.d/my_config.conf. Then, put the modified values into the drop-in file. Note: systemd knows the network service as network.service, which is why the created directory must be called "network.service.d".&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-61794r1102058_fix">Configure RHEL 9 to require authentication for single-user mode.
+For example, to extend the configuration of the network service, do not modify the /etc/rc.d/init.d/network initscript file. Instead, create new directory /etc/systemd/system/network.service.d/ and a systemd drop-in file /etc/systemd/system/network.service.d/my_config.conf. Then, put the modified values into the drop-in file. Note: systemd knows the network service as network.service, which is why the created directory must be called "network.service.d".&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-61794r1155627_fix">Configure RHEL 9 to require authentication for single-user mode.
 
-Create a directory for supplementary configuration files at /etc/systemd/system/rescue.service.d/
+Create a directory for supplementary configuration files: 
+$ sudo mkdir /etc/systemd/system/rescue.service.d/
 
 Copy the original file rescue.service file to the new directory with:
-
 $ sudo cp  /usr/lib/systemd/system/rescue.service  /etc/systemd/system/rescue.service.d/rescue.service.conf
 
-Add or modify the following line in the "etc/systemd/system/rescue.service.d/rescue.service.conf" file:
+Open the new file:
+$ sudo vi etc/systemd/system/rescue.service.d/rescue.service.conf
 
+Add this line to the new file:
 ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
 
-Apply changes to unit files without rebooting the system:
-
-$ sudo systemctl daemon-reload
-
-If the modified unit file belongs to a running service, restart the service:
+Comment out or remove the ExecStart and ExecStartPre lines in /usr/lib/systemd/system/rescue.service as they can only exist in one location.
 
-$ sudo  systemctl restart rescue.service</fixtext><fix id="F-61794r1102058_fix" /><check system="C-61870r1106457_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 requires authentication for single-user mode with the following command:
+Apply changes to unit files without rebooting the system:
+$ sudo systemctl daemon-reload</fixtext><fix id="F-61794r1155627_fix" /><check system="C-61870r1106457_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 requires authentication for single-user mode with the following command:
 
 $ grep sulogin /usr/lib/systemd/system/rescue.service 
 
@@ -5686,7 +5304,7 @@ $ sudo grep -ir offline_credentials_expiration /etc/sssd/sssd.conf /etc/sssd/con
 
 offline_credentials_expiration = 1
 
-If "offline_credentials_expiration" is not set to a value of "1", this is a finding.</check-content></check></Rule></Group><Group id="V-258134"><title>SRG-OS-000363-GPOS-00150</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258134r1101983_rule" weight="10.0" severity="medium"><version>RHEL-09-651010</version><title>RHEL 9 must have the AIDE package installed.</title><description>&lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
+If "offline_credentials_expiration" is not set to a value of "1", this is a finding.</check-content></check></Rule></Group><Group id="V-258134"><title>SRG-OS-000363-GPOS-00150</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258134r1155620_rule" weight="10.0" severity="medium"><version>RHEL-09-651010</version><title>RHEL 9 must have the AIDE package installed.</title><description>&lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
 
 Selection lines in the aide.conf file determine which files and directories AIDE will monitor for changes. They follow this format:
 
@@ -5740,21 +5358,23 @@ Example output:
 2023-06-05 10:16:08 -0600 (AIDE 0.16)
 AIDE found NO differences between database and filesystem. Looks okay!!
 
-...</fixtext><fix id="F-61799r926388_fix" /><check system="C-61875r1101982_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the file integrity tool is configured to verify ACLs.
+...</fixtext><fix id="F-61799r926388_fix" /><check system="C-61875r1155619_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the file integrity tool is configured to verify ACLs.
 
 Note: AIDE is highly configurable at install time. This requirement assumes the "aide.conf" file is under the "/etc" directory.
 
-If AIDE is not installed, ask the system administrator (SA) how file integrity checks are performed on the system.
+Verify AIDE is installed with the following command:
 
-Use the following command to determine if the file is in a location other than "/etc/aide/aide.conf":
+$ sudo dnf list installed aide
 
-$ sudo find / -name aide.conf
+Updating Subscription Management repositories.
+Installed Packages
+aide.x86_64                                0.16-103.el9                                @rhel-9-for-x86_64-appstream-rpms
 
-Use the following command to review the "aide.conf" file to determine if the "acl" rule has been added to the rule list being applied to the files and directories selection lists:
+Use the following command to determine if the file is in a location other than "/etc/aide/aide.conf":
 
-$ sudo cat /etc/aide.conf | more
+$ sudo find / -name aide.conf
 
-If the "acl" rule is not being used on all selection lines in the "/etc/aide.conf" file, is commented out, or ACLs are not being checked by another file integrity tool, this is a finding.</check-content></check></Rule></Group><Group id="V-258135"><title>SRG-OS-000363-GPOS-00150</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258135r1045267_rule" weight="10.0" severity="medium"><version>RHEL-09-651015</version><title>RHEL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered.</title><description>&lt;VulnDiscussion&gt;Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configurations can have unintended side effects, some of which may be relevant to security.
+If AIDE is not installed, ask the system administrator (SA) how file integrity checks are performed on the system.</check-content></check></Rule></Group><Group id="V-258135"><title>SRG-OS-000363-GPOS-00150</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258135r1045267_rule" weight="10.0" severity="medium"><version>RHEL-09-651015</version><title>RHEL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered.</title><description>&lt;VulnDiscussion&gt;Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configurations can have unintended side effects, some of which may be relevant to security.
 
 Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the operating system. The operating system's information management officer (IMO)/information system security officer (ISSO) and system administrators (SAs) must be notified via email and/or monitoring system trap when there is an unauthorized modification of a configuration item.
 
@@ -5879,11 +5499,14 @@ $ systemctl is-active rsyslog
 
 active
 
-If the rsyslog service is not active, this is a finding.</check-content></check></Rule></Group><Group id="V-258143"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258143r1134931_rule" weight="10.0" severity="medium"><version>RHEL-09-652025</version><title>RHEL 9 must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation.</title><description>&lt;VulnDiscussion&gt;Unintentionally running a rsyslog server accepting remote messages puts the system at increased risk. Malicious rsyslog messages sent to the server could exploit vulnerabilities in the server software itself, could introduce misleading information into the system's logs, or could fill the system's storage leading to a denial of service.
+If the rsyslog service is not active, this is a finding.</check-content></check></Rule></Group><Group id="V-258143"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258143r1155671_rule" weight="10.0" severity="medium"><version>RHEL-09-652025</version><title>RHEL 9 must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation.</title><description>&lt;VulnDiscussion&gt;Unintentionally running a rsyslog server accepting remote messages puts the system at increased risk. Malicious rsyslog messages sent to the server could exploit vulnerabilities in the server software itself, could introduce misleading information into the system's logs, or could fill the system's storage leading to a denial of service.
 
-If the system is intended to be a log aggregation server, its use must be documented with the information system security officer (ISSO).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61808r1045282_fix">Configure RHEL 9 to not receive remote logs using rsyslog.
+If the system is intended to be a log aggregation server, its use must be documented with the information system security officer (ISSO).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-61808r1155670_fix">Configure RHEL 9 to not receive remote logs using rsyslog.
 
 Remove the lines in /etc/rsyslog.conf and any files in the /etc/rsyslog.d directory that match any of the following:
+InputTCPServerRun
+UDPServerRun
+RELPServerRun
 module(load="imtcp")
 module(load="imudp")
 module(load="imrelp")
@@ -5893,21 +5516,21 @@ input(type="imrelp" port="514")
 
 The rsyslog daemon must be restarted for the changes to take effect:
 
-$ sudo systemctl restart rsyslog.service</fixtext><fix id="F-61808r1045282_fix" /><check system="C-61884r1134930_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: If the system administrator can demonstrate that another tool (e.g., SPLUNK) is being used to manage log offload and aggregation in lieu of rsyslog, this check is not applicable.
+$ sudo systemctl restart rsyslog.service</fixtext><fix id="F-61808r1155670_fix" /><check system="C-61884r1155669_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: If the system administrator can demonstrate that another tool (e.g., SPLUNK) is being used to manage log off-load and aggregation in lieu of rsyslog, this check is not applicable.
 
-Verify that RHEL 9 is not configured to receive remote logs using rsyslog with the following commands:
+Verify RHEL 9 is not configured to receive remote logs using rsyslog with the following commands:
 
 $ ss -tulnp | grep rsyslog
 
-If no output is returned, rsyslog is not listening for remote logs.
+If no output is returned, rsyslog is not listening for remote messages, and is compliant.
 
 If output appears, check for configured ports (514 is the default for syslog).
 
 Check for remote logging configuration in rsyslog by examining the rsyslog configuration files:
 
-$ sudo grep -E 'InputTCPServerRun | UDPServerRun' /etc/rsyslog.conf /etc/rsyslog.d/*
+$ sudo grep -E 'InputTCPServerRun | UDPServerRun | RELPServerRun | imtcp | imudp | imrelp' /etc/rsyslog.conf /etc/rsyslog.d/*
 
-If uncommented lines are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-258144"><title>SRG-OS-000032-GPOS-00013</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258144r1045286_rule" weight="10.0" severity="medium"><version>RHEL-09-652030</version><title>All RHEL 9 remote access methods must be monitored.</title><description>&lt;VulnDiscussion&gt;Logging remote access methods can be used to trace the decrease in the risks associated with remote user access management. It can also be used to spot cyberattacks and ensure ongoing compliance with organizational policies surrounding the use of remote access methods.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000067</ident><fixtext fixref="F-61809r1045285_fix">Add or update the following lines to the "/etc/rsyslog.conf" file or a file in "/etc/rsyslog.d":
+If this command returns uncommented lines enabling network listeners, the system is accepting remote logs.  If this system is not documented and authorized as a log aggregation server, this is a finding.</check-content></check></Rule></Group><Group id="V-258144"><title>SRG-OS-000032-GPOS-00013</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258144r1045286_rule" weight="10.0" severity="medium"><version>RHEL-09-652030</version><title>All RHEL 9 remote access methods must be monitored.</title><description>&lt;VulnDiscussion&gt;Logging remote access methods can be used to trace the decrease in the risks associated with remote user access management. It can also be used to spot cyberattacks and ensure ongoing compliance with organizational policies surrounding the use of remote access methods.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000067</ident><fixtext fixref="F-61809r1045285_fix">Add or update the following lines to the "/etc/rsyslog.conf" file or a file in "/etc/rsyslog.d":
 
 auth.*;authpriv.*;daemon.* /var/log/secure
 
@@ -5983,7 +5606,7 @@ $ grep -Ei 'DefaultNetStreamDriver\b|StreamDriver.Name' /etc/rsyslog.conf /etc/r
 
 If the value of the "$DefaultNetstreamDriver or StreamDriver" option is not set to "gtls" or the line is commented out, this is a finding.
 
-If the variable name "StreamDriver" is present in an omfwd statement block, this is not a finding. However, if the "StreamDriver" variable is in a module block, this is a finding.</check-content></check></Rule></Group><Group id="V-258149"><title>SRG-OS-000479-GPOS-00224</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258149r1106462_rule" weight="10.0" severity="medium"><version>RHEL-09-652055</version><title>RHEL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+If the variable name "StreamDriver" is present in an omfwd statement block, this is not a finding. However, if the "StreamDriver" variable is in a module block, this is a finding.</check-content></check></Rule></Group><Group id="V-258149"><title>SRG-OS-000479-GPOS-00224</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258149r1155580_rule" weight="10.0" severity="medium"><version>RHEL-09-652055</version><title>RHEL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
 
 Off-loading is a common process in information systems with limited audit storage capacity.
 
@@ -5997,13 +5620,29 @@ TCP *.* @@remotesystemname
 RELP *.* :omrelp:remotesystemname:2514
 Note that a port number was given as there is no standard port for RELP.
 
-Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000480-GPOS-00227, SRG-OS-000342-GPOS-00133&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001851</ident><fixtext fixref="F-61814r1106361_fix">Configure RHEL 9 to off-load audit records onto a different system or media from the system being audited via TCP using rsyslog by specifying the remote logging server in "/etc/rsyslog.conf" or "/etc/rsyslog.d/[customfile].conf" with the name or IP address of the log aggregation server.
+Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000480-GPOS-00227, SRG-OS-000342-GPOS-00133&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001851</ident><fixtext fixref="F-61814r1155579_fix">Configure RHEL 9 to off-load audit records onto a different system or media from the system being audited via TCP using rsyslog by specifying the remote logging server in "/etc/rsyslog.conf" or "/etc/rsyslog.d/[customfile].conf" with the name or IP address of the log aggregation server. The following are examples of the configuration for the legacy syntax and for the newer Rainer script. Only one should be used.
 
-*.* @@[remoteloggingserver]:[port]</fixtext><fix id="F-61814r1106361_fix" /><check system="C-61890r1106461_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 audit system off-loads audit records onto a different system or media from the system being audited via rsyslog using TCP with the following command:
+Using legacy '@host:port" syntax example:
+*.* @@[remoteloggingserver]:[port]
 
-$ sudo grep -iR '@@' /etc/rsyslog.conf /etc/rsyslog.d/
+Using Rainer script example:
+action(
+    type="omfwd"
+    target="logserver.example.com"
+    port="514"
+    protocol="tcp"
+    action.resumeRetryCount="-1"
+    queue.type="linkedList"
+    que.size="10000"
+)
 
-/etc/rsyslog.d/remoteLogging.conf:*.* @@[remoteloggingserver]:[port]
+Note: The Rainer Script above does not contain the required encryption settings.</fixtext><fix id="F-61814r1155579_fix" /><check system="C-61890r1155578_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 audit system off-loads audit records onto a different system or media from the system being audited via rsyslog using TCP with the following commands:
+
+To check for legacy configuration syntax, perform the following:
+$ sudo grep -ir '@@' /etc/rsyslog.conf /etc/rsyslog.d/
+
+To check for Rainer script syntax, perform the following:
+$ sudo grep -rq 'type="omfwd"' /etc/rsyslog.conf /etc/rsyslog.d/
 
 If a remote server is not configured, or the line is commented out, ask the system administrator (SA) to indicate how the audit logs are off-loaded to a different system or media. 
 
@@ -6272,7 +5911,7 @@ $ sudo stat -c '%U %n' /var/log/audit
 
 root /var/log/audit
 
-If the audit log directory is not owned by "root", this is a finding.</check-content></check></Rule></Group><Group id="V-258167"><title>SRG-OS-000057-GPOS-00027</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258167r1101918_rule" weight="10.0" severity="medium"><version>RHEL-09-653090</version><title>RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log.</title><description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 9 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+If the audit log directory is not owned by "root", this is a finding.</check-content></check></Rule></Group><Group id="V-258167"><title>SRG-OS-000057-GPOS-00027</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258167r1155630_rule" weight="10.0" severity="medium"><version>RHEL-09-653090</version><title>RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log.</title><description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 9 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
 The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
 
@@ -6294,19 +5933,19 @@ $ sudo chmod 0440 $log_file.*
 Otherwise, configure the permissions the following way:
 
 $ sudo chmod 0600 $log_file
-$ sudo chmod 0400 $log_file.*</fixtext><fix id="F-61832r1045305_fix" /><check system="C-61908r1101917_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the audit logs have a mode of "0600". 
+$ sudo chmod 0400 $log_file.*</fixtext><fix id="F-61832r1045305_fix" /><check system="C-61908r1155629_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the audit logs have a mode of "0600". 
 
 Determine where the audit logs are stored with the following command:
 
-$ sudo find /var/log/audit/ -type f -exec stat -c '%a %n' {} \;
+$ sudo grep "^log_file" /etc/audit/auditd.conf
 
-600 /var/log/audit/audit.log
+log_file = /var/log/audit/audit.log
 
 Using the location of the audit log file, determine the mode of each audit log with the following command:
 
 $ sudo find /var/log/audit/ -type f -exec stat -c '%a %n' {} \;
 
-rw-------. 2 root root 237923 Jun 11 11:56 /var/log/audit/audit.log
+600 /var/log/audit/audit.log
 
 If the audit logs have a mode more permissive than "0600", this is a finding.</check-content></check></Rule></Group><Group id="V-258168"><title>SRG-OS-000051-GPOS-00024</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258168r958428_rule" weight="10.0" severity="medium"><version>RHEL-09-653095</version><title>RHEL 9 must periodically flush audit records to disk to prevent the loss of audit records.</title><description>&lt;VulnDiscussion&gt;If option "freq" is not set to a value that requires audit records being written to disk after a threshold number is reached, then audit records may be lost.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000154</ident><fixtext fixref="F-61833r943023_fix">Configure RHEL 9 to flush audit to disk by adding or updating the following rule in "/etc/audit/auditd.conf":
 
@@ -6405,7 +6044,7 @@ Example output:
 
 audispd-plugins.x86_64          3.0.7-101.el9_0.2
 
-If the "audispd-plugins" package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-258176"><title>SRG-OS-000326-GPOS-00126</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258176r1106366_rule" weight="10.0" severity="medium"><version>RHEL-09-654010</version><title>RHEL 9 must audit uses of the "execve" system call.</title><description>&lt;VulnDiscussion&gt;Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
+If the "audispd-plugins" package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-258176"><title>SRG-OS-000326-GPOS-00126</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258176r1155595_rule" weight="10.0" severity="medium"><version>RHEL-09-654010</version><title>RHEL 9 must audit uses of the "execve" system call.</title><description>&lt;VulnDiscussion&gt;Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
 
 Satisfies: SRG-OS-000326-GPOS-00126, SRG-OS-000327-GPOS-00127&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002233</ident><ident system="http://cyber.mil/cci">CCI-002234</ident><fixtext fixref="F-61841r1045312_fix">Configure RHEL 9 to audit the execution of the "execve" system call.
 
@@ -6418,16 +6057,16 @@ Add or update the following file system rules to "/etc/audit/rules.d/audit.rules
 
 To load the rules to the kernel immediately, use the following command:
 
-$ sudo augenrules --load</fixtext><fix id="F-61841r1045312_fix" /><check system="C-61917r1106365_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the "execve" system call with the following command:
+$ sudo augenrules --load</fixtext><fix id="F-61841r1045312_fix" /><check system="C-61917r1155594_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the "execve" system call with the following command:
 
 $ sudo auditctl -l | grep execve
 
--a always,exit -S arch=b32 -S execve -C uid!=euid -F euid=0 -F key=execpriv
--a always,exit -S arch=b64 -S execve -C uid!=euid -F euid=0 -F key=execpriv
--a always,exit -S arch=b32 -S execve -C gid!=egid -F egid=0 -F key=execpriv
--a always,exit -S arch=b64 -S execve -C gid!=egid -F egid=0 -F key=execpriv
+-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv
+-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv
+-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv
+-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv
 
-If the command does not return all lines, or the lines are commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258177"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258177r1106368_rule" weight="10.0" severity="medium"><version>RHEL-09-654015</version><title>RHEL 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return all lines, or the lines are commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258177"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258177r1155597_rule" weight="10.0" severity="medium"><version>RHEL-09-654015</version><title>RHEL 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -6444,14 +6083,14 @@ Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
 To load the rules to the kernel immediately, use the following command:
 
-$ sudo augenrules --load</fixtext><fix id="F-61842r1045315_fix" /><check system="C-61918r1106367_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the "chmod", "fchmod", and "fchmodat" system calls with the following command:
+$ sudo augenrules --load</fixtext><fix id="F-61842r1045315_fix" /><check system="C-61918r1155596_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the "chmod", "fchmod", and "fchmodat" system calls with the following command:
 
 $ sudo auditctl -l | grep chmod
 
--a always,exit -S arch=b32 -S chmod,fchmod,fchmodat -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
--a always,exit -S arch=b64 -S chmod,fchmod,fchmodat -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
+-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
+-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
 
-If both the "b32" and "b64" audit rules are not defined for the "chmod", "fchmod", and "fchmodat" system calls, this is a finding.</check-content></check></Rule></Group><Group id="V-258178"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258178r1106370_rule" weight="10.0" severity="medium"><version>RHEL-09-654020</version><title>RHEL 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If both the "b32" and "b64" audit rules are not defined for the "chmod", "fchmod", and "fchmodat" system calls, this is a finding.</check-content></check></Rule></Group><Group id="V-258178"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258178r1155599_rule" weight="10.0" severity="medium"><version>RHEL-09-654020</version><title>RHEL 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -6468,14 +6107,14 @@ Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
 To load the rules to the kernel immediately, use the following command:
 
-$ sudo augenrules --load</fixtext><fix id="F-61843r1045318_fix" /><check system="C-61919r1106369_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the  "chown", "fchown", "fchownat", and "lchown" system calls with the following command:
+$ sudo augenrules --load</fixtext><fix id="F-61843r1045318_fix" /><check system="C-61919r1155598_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the  "chown", "fchown", "fchownat", and "lchown" system calls with the following command:
 
 $ sudo auditctl -l | grep chown
 
--a always,exit -S arch=b32 -S lchown,fchown,chown,fchownat -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
--a always,exit -S arch=b64 -S chown,fchown,lchown,fchownat -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
+-a always,exit -F arch=b32 -S lchown,fchown,chown,fchownat -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
+-a always,exit -F arch=b64 -S chown,fchown,lchown,fchownat -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
 
-If both the "b32" and "b64" audit rules are not defined for the "chown", "fchown", "fchownat", and "lchown" system calls, this is a finding.</check-content></check></Rule></Group><Group id="V-258179"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258179r1106371_rule" weight="10.0" severity="medium"><version>RHEL-09-654025</version><title>RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If both the "b32" and "b64" audit rules are not defined for the "chown", "fchown", "fchownat", and "lchown" system calls, this is a finding.</check-content></check></Rule></Group><Group id="V-258179"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258179r1155601_rule" weight="10.0" severity="medium"><version>RHEL-09-654025</version><title>RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -6492,14 +6131,14 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
 
 To load the rules to the kernel immediately, use the following command:
 
-$ sudo augenrules --load</fixtext><fix id="F-61844r1045321_fix" /><check system="C-61920r1101944_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls with the following command:
+$ sudo augenrules --load</fixtext><fix id="F-61844r1045321_fix" /><check system="C-61920r1155600_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls with the following command:
 
 $ sudo auditctl -l | grep xattr
 
--a always,exit -S arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
--a always,exit -S arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
--a always,exit -S arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid=0 -F key=perm_mod
--a always,exit -S arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid=0 -F key=perm_mod
+-a always,exit -F arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
+-a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid&gt;=1000 -F auid!=-1 -F key=perm_mod
+-a always,exit -F arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid=0 -F key=perm_mod
+-a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid=0 -F key=perm_mod
 
 If both the "b32" and "b64" audit rules are not defined for the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls, or any of the lines returned are commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258180"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258180r1045325_rule" weight="10.0" severity="medium"><version>RHEL-09-654030</version><title>RHEL 9 must audit all uses of umount system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -6641,7 +6280,7 @@ $ sudo auditctl -l | grep setsebool
 
 -a always,exit -S all -F path=/usr/sbin/setsebool -F perm=x -F auid&gt;=1000 -F auid!=-1 -F key=privileged
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258187"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258187r1106373_rule" weight="10.0" severity="medium"><version>RHEL-09-654065</version><title>RHEL 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258187"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258187r1155603_rule" weight="10.0" severity="medium"><version>RHEL-09-654065</version><title>RHEL 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -6656,14 +6295,14 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
 
 To load the rules to the kernel immediately, use the following command:
 
-$ sudo augenrules --load</fixtext><fix id="F-61852r1045345_fix" /><check system="C-61928r1106372_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit successful/unsuccessful attempts to use the "rename", "unlink", "rmdir", "renameat", and "unlinkat" system calls with the following command:
+$ sudo augenrules --load</fixtext><fix id="F-61852r1045345_fix" /><check system="C-61928r1155602_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit successful/unsuccessful attempts to use the "rename", "unlink", "rmdir", "renameat", and "unlinkat" system calls with the following command:
 
 $ sudo auditctl -l | grep 'rename\|unlink\|rmdir'
 
--a always,exit -S arch=b32 -S unlink,rename,rmdir,unlinkat,renameat -F auid&gt;=1000 -F auid!=-1 -F key=delete
--a always,exit -S arch=b64 -S rename,rmdir,unlink,unlinkat,renameat -F auid&gt;=1000 -F auid!=-1 -F key=delete
+-a always,exit -F arch=b32 -S unlink,rename,rmdir,unlinkat,renameat -F auid&gt;=1000 -F auid!=-1 -F key=delete
+-a always,exit -F arch=b64 -S rename,rmdir,unlink,unlinkat,renameat -F auid&gt;=1000 -F auid!=-1 -F key=delete
 
-If the command does not return an audit rule for "rename", "unlink", "rmdir", "renameat", and "unlinkat" or any of the lines returned are commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258188"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258188r1106375_rule" weight="10.0" severity="medium"><version>RHEL-09-654070</version><title>RHEL 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return an audit rule for "rename", "unlink", "rmdir", "renameat", and "unlinkat" or any of the lines returned are commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258188"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258188r1155605_rule" weight="10.0" severity="medium"><version>RHEL-09-654070</version><title>RHEL 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -6681,20 +6320,20 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
 
 To load the rules to the kernel immediately, use the following command:
 
-$ sudo augenrules --load</fixtext><fix id="F-61853r1045348_fix" /><check system="C-61929r1106374_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit successful/unsuccessful attempts to use the "truncate", "ftruncate", "creat", "open", "openat", and "open_by_handle_at" system calls with the following command:
+$ sudo augenrules --load</fixtext><fix id="F-61853r1045348_fix" /><check system="C-61929r1155604_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit successful/unsuccessful attempts to use the "truncate", "ftruncate", "creat", "open", "openat", and "open_by_handle_at" system calls with the following command:
 
 $ sudo auditctl -l | grep 'open\b\|openat\|open_by_handle_at\|truncate\|creat'
 
--a always,exit -S arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -S auid!=-1 -F key=perm_access
--a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -S auid!=-1 -F key=perm_access
--a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -S auid!=-1 -F key=perm_access
--a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -S auid!=-1 -F key=perm_access
+-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=-1 -F key=perm_access
+-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EPERM -F auid&gt;=1000 -F auid!=-1 -F key=perm_access
+-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=-1 -F key=perm_access
+-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EACCES -F auid&gt;=1000 -F auid!=-1 -F key=perm_access
 
 If the output does not produce rules containing "-F exit=-EPERM", this is a finding.
 
 If the output does not produce rules containing "-F exit=-EACCES", this is a finding.
 
-If the command does not return an audit rule for "truncate", "ftruncate", "creat", "open", "openat", and "open_by_handle_at" or any of the lines returned are commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258189"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258189r1106377_rule" weight="10.0" severity="medium"><version>RHEL-09-654075</version><title>RHEL 9 must audit all uses of the delete_module system call.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return an audit rule for "truncate", "ftruncate", "creat", "open", "openat", and "open_by_handle_at" or any of the lines returned are commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258189"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258189r1155607_rule" weight="10.0" severity="medium"><version>RHEL-09-654075</version><title>RHEL 9 must audit all uses of the delete_module system call.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -6709,14 +6348,14 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
 
 To load the rules to the kernel immediately, use the following command:
 
-$ sudo augenrules --load</fixtext><fix id="F-61854r1045351_fix" /><check system="C-61930r1106376_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the "delete_module" system call with the following command:
+$ sudo augenrules --load</fixtext><fix id="F-61854r1045351_fix" /><check system="C-61930r1155606_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the "delete_module" system call with the following command:
 
 $ sudo auditctl -l | grep delete_module
 
--a always,exit -S arch=b32 -S delete_module -F auid&gt;=1000 -F auid!=-1 -F key=module_chng
--a always,exit -S arch=b64 -S delete_module -F auid&gt;=1000 -F auid!=-1 -F key=module_chng
+-a always,exit -F arch=b32 -S delete_module -F auid&gt;=1000 -F auid!=-1 -F key=module_chng
+-a always,exit -F arch=b64 -S delete_module -F auid&gt;=1000 -F auid!=-1 -F key=module_chng
 
-If both the "b32" and "b64" audit rules are not defined for the "delete_module" system call, or any of the lines returned are commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258190"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258190r1106379_rule" weight="10.0" severity="medium"><version>RHEL-09-654080</version><title>RHEL 9 must audit all uses of the init_module and finit_module system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If both the "b32" and "b64" audit rules are not defined for the "delete_module" system call, or any of the lines returned are commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258190"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258190r1155609_rule" weight="10.0" severity="medium"><version>RHEL-09-654080</version><title>RHEL 9 must audit all uses of the init_module and finit_module system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -6731,12 +6370,12 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
 
 To load the rules to the kernel immediately, use the following command:
 
-$ sudo augenrules --load</fixtext><fix id="F-61855r1045354_fix" /><check system="C-61931r1106378_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the "init_module" and "finit_module" system calls with the following command:
+$ sudo augenrules --load</fixtext><fix id="F-61855r1045354_fix" /><check system="C-61931r1155608_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of the "init_module" and "finit_module" system calls with the following command:
 
 $ sudo auditctl -l | grep init_module
 
--a always,exit -S arch=b32 -S init_module,finit_module -F auid&gt;=1000 -F auid!=-1 -F key=module_chng
--a always,exit -S arch=b64 -S init_module,finit_module -F auid&gt;=1000 -F auid!=-1 -F key=module_chng
+-a always,exit -F arch=b32 -S init_module,finit_module -F auid&gt;=1000 -F auid!=-1 -F key=module_chng
+-a always,exit -F arch=b64 -S init_module,finit_module -F auid&gt;=1000 -F auid!=-1 -F key=module_chng
 
 If both the "b32" and "b64" audit rules are not defined for the "init_module" system call, or any of the lines returned are commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258191"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258191r1045358_rule" weight="10.0" severity="medium"><version>RHEL-09-654085</version><title>RHEL 9 must audit all uses of the chage command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -7186,7 +6825,7 @@ $ sudo cat /etc/audit/rules.d/* | grep shutdown
 
 -a always,exit -S all -F path=/usr/sbin/shutdown -F perm=x -F auid&gt;=1000 -F auid!=-1 -F key=privileged-shutdown
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258215"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258215r1106381_rule" weight="10.0" severity="medium"><version>RHEL-09-654205</version><title>Successful/unsuccessful uses of the umount system call in RHEL 9 must generate an audit record.</title><description>&lt;VulnDiscussion&gt;The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258215"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258215r1155611_rule" weight="10.0" severity="medium"><version>RHEL-09-654205</version><title>Successful/unsuccessful uses of the umount system call in RHEL 9 must generate an audit record.</title><description>&lt;VulnDiscussion&gt;The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.
 
 Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000062-GPOS-00031, SRG-OS-000392-GPOS-00172, SRG-OS-000462-GPOS-00206, SRG-OS-000471-GPOS-00215&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000130</ident><ident system="http://cyber.mil/cci">CCI-000169</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-61880r1045429_fix">Configure the audit system to generate an audit event for any successful/unsuccessful use of the "umount" system call by adding or updating the following rules in "/etc/audit/audit.rules" and adding the following rules to "/etc/audit/rules.d/perm_mod.rules" or updating the existing rules in files in the "/etc/audit/rules.d/" directory:
 
@@ -7194,13 +6833,13 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000062-GPOS-00031, SRG-OS-000392-GPO
 
 To load the rules to the kernel immediately, use the following command:
 
-$ sudo augenrules --load</fixtext><fix id="F-61880r1045429_fix" /><check system="C-61956r1106380_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 generates an audit record for all uses of the "umount" and system call with the following command:
+$ sudo augenrules --load</fixtext><fix id="F-61880r1045429_fix" /><check system="C-61956r1155610_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 generates an audit record for all uses of the "umount" and system call with the following command:
 
 $ sudo auditctl -l | grep b32 | grep 'umount\b'
 
--a always,exit -S arch=b32 -S umount -F auid&gt;=1000 -F auid!=-1 -F key=privileged-umount
+-a always,exit -F arch=b32 -S umount -F auid&gt;=1000 -F auid!=-1 -F key=privileged-umount
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258216"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258216r1102090_rule" weight="10.0" severity="medium"><version>RHEL-09-654210</version><title>Successful/unsuccessful uses of the umount2 system call in RHEL 9 must generate an audit record.</title><description>&lt;VulnDiscussion&gt;The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-258216"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258216r1155613_rule" weight="10.0" severity="medium"><version>RHEL-09-654210</version><title>Successful/unsuccessful uses of the umount2 system call in RHEL 9 must generate an audit record.</title><description>&lt;VulnDiscussion&gt;The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.
 
 Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000062-GPOS-00031, SRG-OS-000392-GPOS-00172, SRG-OS-000462-GPOS-00206, SRG-OS-000471-GPOS-00215&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000130</ident><ident system="http://cyber.mil/cci">CCI-000169</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-61881r1045432_fix">Configure the audit system to generate an audit event for any successful/unsuccessful use of the "umount2" system call by adding or updating the following rules in a file in "/etc/audit/rules.d".
 
@@ -7209,12 +6848,12 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000062-GPOS-00031, SRG-OS-000392-GPO
 
 To load the rules to the kernel immediately, use the following command:
 
-$ sudo augenrules --load</fixtext><fix id="F-61881r1045432_fix" /><check system="C-61957r1102089_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>To determine if the system is configured to audit calls to the umount2 system call, run the following command:
+$ sudo augenrules --load</fixtext><fix id="F-61881r1045432_fix" /><check system="C-61957r1155612_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>To determine if the system is configured to audit calls to the umount2 system call, run the following command:
 
 $ sudo auditctl -l | grep umount2
 
--a always,exit -S arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=-1 -F key=privileged-umount
--a always,exit -S arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=-1 -F key=privileged-umount
+-a always,exit -F arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=-1 -F key=privileged-umount
+-a always,exit -F arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=-1 -F key=privileged-umount
 
 If no line is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-258217"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258217r1045436_rule" weight="10.0" severity="medium"><version>RHEL-09-654215</version><title>RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.</title><description>&lt;VulnDiscussion&gt;The actions taken by system administrators must be audited to keep a record of what was executed on the system, as well as for accountability purposes. Editing the sudoers file may be sign of an attacker trying to establish persistent methods to a system, auditing the editing of the sudoers files mitigates this risk.
 
@@ -7392,13 +7031,20 @@ $ sudo grep "^\s*[^#]" /etc/audit/audit.rules | tail -1
 
 -e 2
 
-If the audit system is not set to be immutable by adding the "-e 2" option to the end of "/etc/audit/audit.rules", this is a finding.</check-content></check></Rule></Group><Group id="V-258230"><title>SRG-OS-000033-GPOS-00014</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258230r1134936_rule" weight="10.0" severity="high"><version>RHEL-09-671010</version><title>RHEL 9 must enable FIPS mode.</title><description>&lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. This includes NIST FIPS-validated cryptography for the following: Provisioning digital signatures, generating cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
+If the audit system is not set to be immutable by adding the "-e 2" option to the end of "/etc/audit/audit.rules", this is a finding.</check-content></check></Rule></Group><Group id="V-258230"><title>SRG-OS-000033-GPOS-00014</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-258230r1155585_rule" weight="10.0" severity="high"><version>RHEL-09-671010</version><title>RHEL 9 must enable FIPS mode.</title><description>&lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. This includes NIST FIPS-validated cryptography for the following: Provisioning digital signatures, generating cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
 
-Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000068</ident><ident system="http://cyber.mil/cci">CCI-000877</ident><ident system="http://cyber.mil/cci">CCI-002418</ident><ident system="http://cyber.mil/cci">CCI-002450</ident><fixtext fixref="F-61895r926676_fix">Configure the operating system to implement FIPS mode with the following command
+Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000068</ident><ident system="http://cyber.mil/cci">CCI-000877</ident><ident system="http://cyber.mil/cci">CCI-002418</ident><ident system="http://cyber.mil/cci">CCI-002450</ident><fixtext fixref="F-61895r1155584_fix">Configure the operating system to implement FIPS mode with the following command
 
 $ sudo fips-mode-setup --enable
 
-Reboot the system for the changes to take effect.</fixtext><fix id="F-61895r926676_fix" /><check system="C-61971r1134935_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL 9 is in FIPS mode with the following command:
+To ensure the kernel enables FIPS mode for early boot, "fips=1" must be added to the grub config:
+$ sudo grubby --update-kernel=ALL --args="fips=1"
+
+Verify the setting with the following command:
+$ cat /proc/cmdline
+BOOT_IMAGE=(hd0,gpt2)/vmlinuz-5.14.0-570.21.1.el9_6.x86_64 root=/dev/mapper/rhel-root ro resume=/dev/mapper/rhel-swap rd.luks.uuid=luks-cd37eb8d-a2c3-4671-96ee-1e6a3a681561 rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 boot=UUID=acbbb4ee-adc0-4cb2-9546-afab857b8849 audit_backlog_limit=8192 crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M
+
+Reboot the system for the changes to take effect.</fixtext><fix id="F-61895r1155584_fix" /><check system="C-61971r1155583_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is in FIPS mode with the following command:
 
 $ sudo fips-mode-setup --check
 FIPS mode is enabled.
@@ -7614,7 +7260,7 @@ banner-message-text=
 
 Note: The "\n " characters are for formatting only. They will not be displayed on the graphical interface.
 
-If the banner does not match the Standard Mandatory DOD Notice and Consent Banner exactly, this is a finding.</check-content></check></Rule></Group><Group id="V-270175"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-270175r1117265_rule" weight="10.0" severity="medium"><version>RHEL-09-232103</version><title>RHEL 9 "/etc/audit/" must be owned by root.</title><description>&lt;VulnDiscussion&gt;The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000162</ident><fixtext fixref="F-74109r1044963_fix">Change the owner of the file "/etc/audit/" to "root" by running the following command:
+If the banner does not match the Standard Mandatory DOD Notice and Consent Banner exactly, this is a finding.</check-content></check></Rule></Group><Group id="V-270175"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-270175r1137691_rule" weight="10.0" severity="medium"><version>RHEL-09-232103</version><title>RHEL 9 "/etc/audit/" must be owned by root.</title><description>&lt;VulnDiscussion&gt;The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000162</ident><fixtext fixref="F-74109r1044963_fix">Change the owner of the file "/etc/audit/" to "root" by running the following command:
 
 $ sudo chown root /etc/audit/</fixtext><fix id="F-74109r1044963_fix" /><check system="C-74208r1044962_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the ownership of the "/etc/audit/" directory with the following command:
 
@@ -7622,7 +7268,7 @@ $ sudo stat -c "%U %n" /etc/audit/
 
 root /etc/audit/
 
-If the "/etc/audit/" directory does not have an owner of "root", this is a finding.</check-content></check></Rule></Group><Group id="V-270176"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-270176r1117265_rule" weight="10.0" severity="medium"><version>RHEL-09-232104</version><title>RHEL 9 "/etc/audit/" must be group-owned by root.</title><description>&lt;VulnDiscussion&gt;The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000162</ident><fixtext fixref="F-74110r1044966_fix">Change the group of the file "/etc/audit/" to "root" by running the following command:
+If the "/etc/audit/" directory does not have an owner of "root", this is a finding.</check-content></check></Rule></Group><Group id="V-270176"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-270176r1137691_rule" weight="10.0" severity="medium"><version>RHEL-09-232104</version><title>RHEL 9 "/etc/audit/" must be group-owned by root.</title><description>&lt;VulnDiscussion&gt;The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000162</ident><fixtext fixref="F-74110r1044966_fix">Change the group of the file "/etc/audit/" to "root" by running the following command:
 
 $ sudo chgrp root /etc/audit/</fixtext><fix id="F-74110r1044966_fix" /><check system="C-74209r1044965_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify the group ownership of the "/etc/audit/" directory with the following command:
 
@@ -7718,11 +7364,13 @@ allow exe=/usr/bin/python3.7 : ftype=text/x-python
 deny_audit perm=any pattern=ld_so : all
 deny perm=any all : all
 
-If "fapolicyd" is not running in enforcement mode with a deny-all, permit-by-exception policy, this is a finding.</check-content></check></Rule></Group><Group id="V-272488"><title>SRG-OS-000304-GPOS-00121</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-272488r1082178_rule" weight="10.0" severity="medium"><version>RHEL-09-215101</version><title>RHEL 9 must have the Postfix package installed.</title><description>&lt;VulnDiscussion&gt;Postfix is a free, open-source mail transfer agent (MTA) that sends and receives emails. It is a server-side application that can be used to set up a local mail server, create a null-client mail relay, use a Postfix server as a destination for multiple domains, or choose an LDAP directory instead of files for lookups. Postfix supports protocols such as LDAP, SMTP AUTH (SASL), and TLS. It uses the Simple Mail Transfer Protocol (SMTP) to transfer emails between servers.
+If "fapolicyd" is not running in enforcement mode with a deny-all, permit-by-exception policy, this is a finding.</check-content></check></Rule></Group><Group id="V-272488"><title>SRG-OS-000304-GPOS-00121</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-272488r1155665_rule" weight="10.0" severity="medium"><version>RHEL-09-215101</version><title>RHEL 9 must have the Postfix package installed.</title><description>&lt;VulnDiscussion&gt;Postfix is a free, open-source mail transfer agent (MTA) that sends and receives emails. It is a server-side application that can be used to set up a local mail server, create a null-client mail relay, use a Postfix server as a destination for multiple domains, or choose an LDAP directory instead of files for lookups. Postfix supports protocols such as LDAP, SMTP AUTH (SASL), and TLS. It uses the Simple Mail Transfer Protocol (SMTP) to transfer emails between servers.
 
 Satisfies: SRG-OS-000304-GPOS-00121, SRG-OS-000343-GPOS-00134, SRG-OS-000363-GPOS-00150, SRG-OS-000447-GPOS-00201&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000015</ident><fixtext fixref="F-76447r1082177_fix">Install the Postfix package with the following command:
  
-$ sudo dnf install postfix</fixtext><fix id="F-76447r1082177_fix" /><check system="C-76542r1082176_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL 9 has the Postfix package installed with the following command:
+$ sudo dnf install postfix</fixtext><fix id="F-76447r1082177_fix" /><check system="C-76542r1155664_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Note: If the admin can demonstrate that there is another system/service to send audit failure notifications to the administrator/ISSO, this control is not applicable.
+
+Verify RHEL 9 has the Postfix package installed with the following command:
 
 $ sudo dnf list --installed postfix
 
@@ -7730,12 +7378,12 @@ Example output:
 
 postfix.x86_64                             2:3.5.25-1.el9 
 
-If the "postfix" package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-272496"><title>SRG-OS-000445-GPOS-00199</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-272496r1134956_rule" weight="10.0" severity="medium"><version>RHEL-09-431016</version><title>RHEL 9 must elevate the SELinux context when an administrator calls the sudo command.</title><description>&lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
-
-This requirement applies to operating systems performing security function verification/testing and/or systems and environments that require this functionality.
-
-Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.
-
+If the "postfix" package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-272496"><title>SRG-OS-000445-GPOS-00199</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-272496r1155582_rule" weight="10.0" severity="medium"><version>RHEL-09-431016</version><title>RHEL 9 must elevate the SELinux context when an administrator calls the sudo command.</title><description>&lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
+
+This requirement applies to operating systems performing security function verification/testing and/or systems and environments that require this functionality.
+
+Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.
+
 Privileged functions include, for example, establishing accounts, performing system integrity checks, or administering cryptographic key management activities. Nonprivileged users are individuals who do not possess appropriate authorizations. Circumventing intrusion detection and prevention mechanisms or malicious code protection mechanisms are examples of privileged functions that require protection from nonprivileged users.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-76453r1082183_fix">Configure RHEL 9 to elevate the SELinux context when an administrator calls the sudo command.
 
 Edit a file in the "/etc/sudoers.d" directory with the following command:
@@ -7749,13 +7397,27 @@ Use the following example to build the &lt;customfile&gt; in the /etc/sudoers.d
 Remove any configurations that conflict with the above from the following locations:
  
 /etc/sudoers
-/etc/sudoers.d/</fixtext><fix id="F-76453r1082183_fix" /><check system="C-76549r1069439_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify that RHEL 9 elevates the SELinux context when an administrator calls the sudo command with the following command:
+/etc/sudoers.d/</fixtext><fix id="F-76453r1082183_fix" /><check system="C-76549r1155581_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 elevates the SELinux context when an administrator calls the sudo command with the following command:
 
 This command must be run as root:
 
 # grep -r sysadm_r /etc/sudoers /etc/sudoers.d
 %{designated_group_or_user_name} ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL
 
-If conflicting results are returned, this is a finding.
+If a designated sudoers administrator group or account(s) is not configured to elevate the SELinux type and role to "sysadm_t" and "sysadm_r" with the use of the sudo command, this is a finding.</check-content></check></Rule></Group><Group id="V-279936"><title>SRG-OS-000471-GPOS-00215</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-279936r1156361_rule" weight="10.0" severity="medium"><version>RHEL-09-654097</version><title>RHEL 9 must audit any script or executable called by cron as root or by any privileged user.</title><description>&lt;VulnDiscussion&gt;Any script or executable called by cron as root or by any privileged user must be owned by that user. It must also have the permissions 755 or more restrictive and should have no extended rights that allow any nonprivileged user to modify the script or executable.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 9</dc:subject><dc:identifier>5551</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000172</ident><fixtext fixref="F-84401r1156360_fix">Configure RHEL 9 to audit the execution of any system call made by cron as root or by any privileged user.
+
+Add or update the following file system rules to "/etc/audit/rules.d/audit.rules":
+-w /etc/cron.d/ -p wa -k cronjobs
+-w /var/spool/cron/ -p wa -k cronjobs
+
+To load the rules to the kernel immediately, use the following command:
+
+$ sudo augenrules --load</fixtext><fix id="F-84401r1156360_fix" /><check system="C-84496r1156359_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_9_STIG.xml" name="M" /><check-content>Verify RHEL 9 is configured to audit the execution of any system call made by cron as root or by any privileged user.
+
+$ sudo auditctl -l | grep /etc/cron.d
+-w /etc/cron.d -p wa -k cronjobs
+
+$ sudo auditctl -l | grep /var/spool/cron
+-w /var/spool/cron -p wa -k cronjobs
 
-If a designated sudoers administrator group or account(s) is not configured to elevate the SELinux type and role to "sysadm_t" and "sysadm_r" with the use of the sudo command, this is a finding.</check-content></check></Rule></Group></Benchmark>
\ No newline at end of file
+If either of these commands do not return the expected output, or the lines are commented out, this is a finding.</check-content></check></Rule></Group></Benchmark>
\ No newline at end of file
diff --git a/shared/references/disa-stig-rhel9-v2r6-xccdf-scap.xml b/shared/references/disa-stig-rhel9-v2r7-xccdf-scap.xml
similarity index 93%
rename from shared/references/disa-stig-rhel9-v2r6-xccdf-scap.xml
rename to shared/references/disa-stig-rhel9-v2r7-xccdf-scap.xml
index 7545d9f22b79..1e605cb9f0f6 100644
--- a/shared/references/disa-stig-rhel9-v2r6-xccdf-scap.xml
+++ b/shared/references/disa-stig-rhel9-v2r7-xccdf-scap.xml
@@ -1,36 +1,36 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<data-stream-collection xmlns="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_mil.disa.stig_collection_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark" schematron-version="1.3" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2 http://scap.nist.gov/schema/xccdf/1.2/xccdf_1.2.xsd http://cpe.mitre.org/dictionary/2.0 http://scap.nist.gov/schema/cpe/2.3/cpe-dictionary_2.3.xsd http://cpe.mitre.org/language/2.0 https://csrc.nist.gov/schema/cpe/2.3/cpe-language_2.3.xsd http://oval.mitre.org/XMLSchema/oval-common-5 https://github.com/OVALProject/Language/tree/5.11.2/schemas/oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 https://github.com/OVALProject/Language/tree/5.11.2/schemas/oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent https://github.com/OVALProject/Language/tree/5.11.2/schemas/independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux https://github.com/OVALProject/Language/tree/5.11.2/schemas/linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix https://github.com/OVALProject/Language/tree/5.11.2/schemas/unix-definitions-schema.xsd http://scap.nist.gov/schema/scap/source/1.2 http://scap.nist.gov/schema/scap/1.3/scap-source-data-stream_1.3.xsd">
-  <data-stream id="scap_mil.disa.stig_datastream_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark" use-case="CONFIGURATION" scap-version="1.3" timestamp="2025-09-27T23:03:44.382-04:00">
+<data-stream-collection xmlns="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_mil.disa.stig_collection_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark" schematron-version="1.3" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2 http://scap.nist.gov/schema/xccdf/1.2/xccdf_1.2.xsd http://cpe.mitre.org/dictionary/2.0 http://scap.nist.gov/schema/cpe/2.3/cpe-dictionary_2.3.xsd http://cpe.mitre.org/language/2.0 https://csrc.nist.gov/schema/cpe/2.3/cpe-language_2.3.xsd http://oval.mitre.org/XMLSchema/oval-common-5 https://github.com/OVALProject/Language/tree/5.11.2/schemas/oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 https://github.com/OVALProject/Language/tree/5.11.2/schemas/oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent https://github.com/OVALProject/Language/tree/5.11.2/schemas/independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux https://github.com/OVALProject/Language/tree/5.11.2/schemas/linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix https://github.com/OVALProject/Language/tree/5.11.2/schemas/unix-definitions-schema.xsd http://scap.nist.gov/schema/scap/source/1.2 http://scap.nist.gov/schema/scap/1.3/scap-source-data-stream_1.3.xsd">
+  <data-stream id="scap_mil.disa.stig_datastream_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark" use-case="CONFIGURATION" scap-version="1.3" timestamp="2026-01-05T14:28:20.090-05:00">
     <dictionaries>
-      <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-cpe-dictionary.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-cpe-dictionary.xml">
+      <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-cpe-dictionary.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-cpe-dictionary.xml">
         <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
-          <uri name="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-cpe-oval.xml" uri="#scap_mil.disa.stig_cref_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-cpe-oval.xml" />
+          <uri name="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-cpe-oval.xml" uri="#scap_mil.disa.stig_cref_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-cpe-oval.xml" />
         </catalog>
       </component-ref>
     </dictionaries>
     <checklists>
-      <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-xccdf.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-xccdf.xml">
+      <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-xccdf.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-xccdf.xml">
         <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
-          <uri name="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" uri="#scap_mil.disa.stig_cref_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" />
+          <uri name="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" uri="#scap_mil.disa.stig_cref_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" />
         </catalog>
       </component-ref>
     </checklists>
     <checks>
-      <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" />
-      <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-cpe-oval.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-cpe-oval.xml" />
+      <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" />
+      <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-cpe-oval.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-cpe-oval.xml" />
     </checks>
   </data-stream>
-  <component id="scap_mil.disa.stig_comp_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-cpe-dictionary.xml" timestamp="2025-09-27T23:03:44.383-04:00">
+  <component id="scap_mil.disa.stig_comp_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-cpe-dictionary.xml" timestamp="2026-01-05T14:28:20.092-05:00">
     <cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0">
       <cpe-item name="cpe:/o:redhat:enterprise_linux:9.0">
         <title xml:lang="en-us">Red Hat Enterprise Linux 9</title>
-        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-cpe-oval.xml">oval:mil.disa.stig.rhel9os:def:1</check>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-cpe-oval.xml">oval:mil.disa.stig.rhel9os:def:1</check>
       </cpe-item>
     </cpe-list>
   </component>
-  <component id="scap_mil.disa.stig_comp_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-xccdf.xml" timestamp="2025-09-27T23:03:44.388-04:00">
+  <component id="scap_mil.disa.stig_comp_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-xccdf.xml" timestamp="2026-01-05T14:28:20.114-05:00">
     <xccdf:Benchmark xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" id="xccdf_mil.disa.stig_benchmark_RHEL_9_STIG" style="SCAP_1.3" xml:lang="en">
-      <xccdf:status date="2025-08-20">accepted</xccdf:status>
+      <xccdf:status date="2025-11-24">accepted</xccdf:status>
       <xccdf:title>Red Hat Enterprise Linux 9 STIG SCAP Benchmark</xccdf:title>
       <xccdf:description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</xccdf:description>
       <xccdf:notice id="terms-of-use" xml:lang="en" />
@@ -40,67 +40,85 @@
         <dc:publisher>DISA</dc:publisher>
         <dc:source>STIG.DOD.MIL</dc:source>
       </xccdf:reference>
-      <xccdf:plain-text id="release-info">Benchmark Date: 01 Oct 2025</xccdf:plain-text>
-      <xccdf:plain-text id="generator">3.5.1</xccdf:plain-text>
+      <xccdf:plain-text id="release-info">Benchmark Date: 05 Jan 2026</xccdf:plain-text>
+      <xccdf:plain-text id="generator">3.5.2</xccdf:plain-text>
       <xccdf:plain-text id="conventionsVersion">1.10.0</xccdf:plain-text>
       <cpe:platform-specification>
         <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxBIND">
           <cpe:title>Linux with BIND installed</cpe:title>
           <cpe:logical-test operator="AND" negate="false">
-            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25824200" />
-          </cpe:logical-test>
-        </cpe:platform>
-        <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxGnome">
-          <cpe:title>Gnome-shell Package</cpe:title>
-          <cpe:logical-test operator="AND" negate="false">
-            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.linux:def:100005" />
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25824200" />
           </cpe:logical-test>
         </cpe:platform>
         <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxNFSMounts">
           <cpe:title>Linux with NFS mounts configured</cpe:title>
           <cpe:logical-test operator="AND" negate="false">
-            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25785400" />
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25785400" />
           </cpe:logical-test>
         </cpe:platform>
         <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxIPv6enabled">
           <cpe:title>Linux IPv6 Enabled</cpe:title>
           <cpe:logical-test operator="AND" negate="true">
-            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.linux:def:100012" />
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.linux:def:100012" />
           </cpe:logical-test>
         </cpe:platform>
         <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxLibreswan">
           <cpe:title>Linux with Libreswan installed</cpe:title>
           <cpe:logical-test operator="AND" negate="false">
-            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25823200" />
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25823200" />
+          </cpe:logical-test>
+        </cpe:platform>
+        <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxGnome">
+          <cpe:title>Gnome-shell Package</cpe:title>
+          <cpe:logical-test operator="AND" negate="false">
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.linux:def:100005" />
+          </cpe:logical-test>
+        </cpe:platform>
+        <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxNoNFSMounts">
+          <cpe:title>Linux with no NFS mounts configured</cpe:title>
+          <cpe:logical-test operator="AND" negate="true">
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25785400" />
+          </cpe:logical-test>
+        </cpe:platform>
+        <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxTFTP">
+          <cpe:title>Linux with TFTP installed</cpe:title>
+          <cpe:logical-test operator="AND" negate="false">
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25795200" />
+          </cpe:logical-test>
+        </cpe:platform>
+        <cpe:platform id="xccdf_mil.disa.stig_platform_RHEL_9_NotFIPS">
+          <cpe:title>RHEL9 and Not FIPS</cpe:title>
+          <cpe:logical-test operator="AND" negate="true">
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:258230" />
           </cpe:logical-test>
         </cpe:platform>
         <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxKernelDumps">
           <cpe:title>Kernel dumps are enabled</cpe:title>
           <cpe:logical-test operator="AND" negate="true">
-            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:230311" />
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:230311" />
           </cpe:logical-test>
         </cpe:platform>
         <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxUEFIBootPartitionNotVfat">
           <cpe:title>Linux UEFI system with boot partition file type other than VFAT</cpe:title>
           <cpe:logical-test operator="AND" negate="false">
-            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.linux:def:100016" />
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.linux:def:100016" />
           </cpe:logical-test>
         </cpe:platform>
         <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxPostfix">
           <cpe:title>Linux with postfix installed</cpe:title>
           <cpe:logical-test operator="AND" negate="false">
-            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25795100" />
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25795100" />
           </cpe:logical-test>
         </cpe:platform>
         <cpe:platform id="xccdf_mil.disa.stig_platform_LinuxAutofs">
           <cpe:title>Linux with autofs installed</cpe:title>
           <cpe:logical-test operator="AND" negate="false">
-            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25784900" />
+            <cpe:check-fact-ref system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" id-ref="oval:mil.disa.stig.defs:def:25784900" />
           </cpe:logical-test>
         </cpe:platform>
       </cpe:platform-specification>
       <xccdf:platform idref="cpe:/o:redhat:enterprise_linux:9.0" />
-      <xccdf:version>002.006</xccdf:version>
+      <xccdf:version>002.007</xccdf:version>
       <xccdf:metadata>
         <dc:creator>DISA</dc:creator>
         <dc:publisher>DISA</dc:publisher>
@@ -318,12 +336,10 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258013" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258014" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258015" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258017" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258018" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258019" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258020" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258022" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258023" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258024" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258026" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258029" selected="true" />
@@ -358,7 +374,6 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258073" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258074" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258075" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258076" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258077" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258078" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258079" selected="true" />
@@ -491,6 +506,7 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258227" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258228" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258229" selected="true" />
+        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258230" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258231" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258232" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258233" selected="true" />
@@ -716,12 +732,10 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258013" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258014" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258015" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258017" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258018" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258019" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258020" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258022" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258023" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258024" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258026" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258029" selected="true" />
@@ -756,7 +770,6 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258073" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258074" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258075" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258076" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258077" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258078" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258079" selected="true" />
@@ -889,6 +902,7 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258227" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258228" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258229" selected="true" />
+        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258230" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258231" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258232" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258233" selected="true" />
@@ -1114,12 +1128,10 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258013" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258014" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258015" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258017" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258018" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258019" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258020" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258022" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258023" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258024" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258026" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258029" selected="true" />
@@ -1154,7 +1166,6 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258073" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258074" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258075" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258076" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258077" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258078" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258079" selected="true" />
@@ -1287,6 +1298,7 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258227" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258228" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258229" selected="true" />
+        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258230" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258231" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258232" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258233" selected="true" />
@@ -1512,12 +1524,10 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258013" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258014" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258015" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258017" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258018" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258019" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258020" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258022" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258023" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258024" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258026" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258029" selected="true" />
@@ -1552,7 +1562,6 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258073" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258074" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258075" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258076" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258077" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258078" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258079" selected="true" />
@@ -1685,6 +1694,7 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258227" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258228" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258229" selected="true" />
+        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258230" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258231" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258232" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258233" selected="true" />
@@ -1910,12 +1920,10 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258013" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258014" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258015" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258017" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258018" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258019" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258020" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258022" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258023" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258024" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258026" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258029" selected="true" />
@@ -1950,7 +1958,6 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258073" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258074" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258075" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258076" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258077" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258078" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258079" selected="true" />
@@ -2083,6 +2090,7 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258227" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258228" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258229" selected="true" />
+        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258230" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258231" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258232" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258233" selected="true" />
@@ -2308,12 +2316,10 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258013" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258014" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258015" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258017" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258018" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258019" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258020" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258022" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258023" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258024" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258026" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258029" selected="true" />
@@ -2348,7 +2354,6 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258073" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258074" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258075" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258076" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258077" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258078" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258079" selected="true" />
@@ -2481,6 +2486,7 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258227" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258228" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258229" selected="true" />
+        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258230" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258231" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258232" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258233" selected="true" />
@@ -2706,12 +2712,10 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258013" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258014" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258015" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258017" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258018" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258019" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258020" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258022" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258023" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258024" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258026" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258029" selected="true" />
@@ -2746,7 +2750,6 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258073" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258074" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258075" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258076" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258077" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258078" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258079" selected="true" />
@@ -2879,6 +2882,7 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258227" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258228" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258229" selected="true" />
+        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258230" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258231" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258232" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258233" selected="true" />
@@ -3104,12 +3108,10 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258013" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258014" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258015" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258017" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258018" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258019" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258020" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258022" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258023" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258024" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258026" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258029" selected="true" />
@@ -3144,7 +3146,6 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258073" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258074" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258075" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258076" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258077" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258078" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258079" selected="true" />
@@ -3277,6 +3278,7 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258227" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258228" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258229" selected="true" />
+        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258230" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258231" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258232" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258233" selected="true" />
@@ -3502,12 +3504,10 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258013" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258014" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258015" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258017" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258018" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258019" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258020" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258022" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258023" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258024" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258026" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258029" selected="true" />
@@ -3542,7 +3542,6 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258073" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258074" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258075" selected="true" />
-        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258076" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258077" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258078" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258079" selected="true" />
@@ -3675,6 +3674,7 @@
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258227" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258228" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258229" selected="true" />
+        <xccdf:select idref="xccdf_mil.disa.stig_group_V-258230" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258231" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258232" selected="true" />
         <xccdf:select idref="xccdf_mil.disa.stig_group_V-258233" selected="true" />
@@ -3707,13 +3707,11 @@
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258014r1045084_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258006r1045071_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258049r1015092_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258077r1014874_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258210r1045415_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258182r1045331_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258039r1045131_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258223r1015134_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257796r1044847_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257962r1106437_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258022r1045097_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258042r1045133_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258193r1045364_rule" selected="false" />
@@ -3723,42 +3721,42 @@
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257993r1045049_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258206r1045403_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257825r1044888_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257957r1155618_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258003r1045065_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257890r1044961_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257907r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257922r1044988_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257810r1117266_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257906r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258115r1045238_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257798r1155694_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258029r1045109_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258103r1045210_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257869r1102009_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257959r1102024_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257949r1134947_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257804r1044853_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258048r1069380_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257908r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257975r1106452_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257909r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257787r1117265_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257923r1044991_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258169r991556_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258233r1015136_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257967r1106337_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258195r1045370_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258178r1106370_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258162r958754_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-270175r1117265_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257832r1044900_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257939r1044997_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258155r1045300_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257968r1155748_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258071r991588_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258057r1045146_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258165r958434_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257983r1045024_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258215r1155611_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258110r1045223_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258121r1155682_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257947r958480_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258178r1155599_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257964r1155739_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258081r1045164_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257974r1155763_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258142r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258198r1045379_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258212r1045421_rule" selected="false" />
@@ -3768,64 +3766,71 @@
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258231r1069375_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258203r1045394_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257946r958480_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257965r1155646_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258061r958482_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257814r1156057_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258041r1038967_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258149r1155580_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257866r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257792r1044842_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257829r1044896_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257867r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257844r1044918_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258046r991589_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258129r1155628_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258043r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258007r1045073_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257811r1155674_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257911r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258215r1106381_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257863r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257912r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257850r1044930_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257913r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257861r1044941_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258128r1155626_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257831r1044898_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257951r1014843_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257995r1045053_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257885r1044953_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257972r1155757_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258220r1015131_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257958r1106319_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258077r1155659_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257828r1044894_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258035r1045125_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258201r1045388_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257910r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258013r1045082_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258163r958424_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258023r958402_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258159r971542_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257803r1155668_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258152r1015127_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258194r1045367_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257896r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257786r1044834_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258179r1155601_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258211r1045418_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258234r1051250_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257898r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257935r1044994_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257827r1044892_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257864r1106304_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258207r1045406_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258125r1045253_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258141r1045280_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257797r1155691_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257892r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257944r1038944_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257977r1155772_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258168r958428_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257807r1044862_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257964r1106438_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258189r1155607_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257852r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258176r1106366_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257894r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257968r1106339_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257810r1155712_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257954r1106315_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257978r1045013_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257836r1044908_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258218r1101981_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258228r991572_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-270176r1137691_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258209r1045412_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-270178r1051243_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257805r1044856_rule" selected="false" />
@@ -3838,25 +3843,29 @@
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257921r1106308_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258133r1045263_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257914r1044969_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257963r1155736_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258160r1038966_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258102r1045207_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258224r1014988_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-272488r1082178_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257974r1106450_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257967r1155745_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257843r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257948r1045004_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258033r1045120_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257958r1155721_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257959r1155724_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258056r1045143_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258075r991590_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257925r991557_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257975r1155766_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257842r1044916_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258101r1045204_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257802r1155706_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257841r1044914_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257996r1134915_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-272496r1155582_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258154r1038966_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258091r1045185_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258213r1045424_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257881r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258202r1045391_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258222r1015133_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257878r958804_rule" selected="false" />
@@ -3865,12 +3874,10 @@
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257936r1044995_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258173r1101933_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258175r1045310_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258076r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257876r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257926r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257903r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257905r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257963r1106328_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257788r1044838_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258199r1045382_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257917r1101914_rule" selected="false" />
@@ -3878,7 +3885,8 @@
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257874r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257901r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258229r958434_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258190r1106379_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257960r1155727_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257816r1155715_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258200r1045385_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257870r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258030r1045112_rule" selected="false" />
@@ -3887,33 +3895,31 @@
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257872r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258086r1102063_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258118r1050789_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258088r1155643_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258137r1102081_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257834r1044904_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258054r958736_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257941r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258170r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257977r1106456_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257966r1106440_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258166r1045303_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257832r1155653_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257794r1069362_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258184r1045337_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258012r1014855_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258083r1045168_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258011r1045079_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258099r1045198_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258149r1106462_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257998r1082181_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-272496r1134956_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257816r1106435_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257808r1044865_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-272488r1155665_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258148r1045292_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258037r1014863_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258109r1045220_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258177r1106368_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-270175r1137691_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257806r1044859_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258123r1134923_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257787r1137691_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257791r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257801r1106279_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257812r1134897_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257790r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257837r1044910_rule" selected="false" />
@@ -3926,84 +3932,76 @@
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257884r1106306_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258208r1045409_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257793r1044843_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257942r1106314_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257918r1044977_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257798r1117266_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257800r1155700_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258171r1134934_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257797r1117266_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258060r1045150_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258156r1106364_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257962r1155733_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257976r1155769_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258225r1014990_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257966r1155742_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257818r1044876_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257838r1044912_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258055r1045140_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258128r1117265_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258187r1155603_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258167r1155630_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257943r1045001_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257994r1045051_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257957r1106317_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258100r1045201_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257970r1106442_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257801r1155703_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258185r1045340_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258120r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258157r1134932_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258187r1106373_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257809r1155709_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258008r1045075_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258214r1045427_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258019r1045092_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258116r1045240_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258144r1045286_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257882r991560_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257961r1106323_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258112r1045229_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258143r1155671_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258242r958908_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258005r1045069_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257883r991560_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257880r1044951_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257862r1155661_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258034r1051267_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258001r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258002r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258188r1106375_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258097r1045193_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257965r1106333_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257802r1106282_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257934r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257976r1106454_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258017r1045088_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258082r1045166_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258216r1102090_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258188r1155605_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257920r1101926_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257970r1155751_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257839r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257953r958424_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257981r1101970_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257897r991589_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257864r1155639_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257865r1155636_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258158r971542_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258129r1117265_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257824r1044886_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258192r1045361_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258032r1045117_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258088r1050789_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257813r1134899_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258036r1014861_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257891r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257899r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258153r1038966_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258189r1106377_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258084r1050789_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258219r1015130_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258205r1045400_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258121r1102086_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258143r1134931_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257862r1134908_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257799r1155697_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258114r1045235_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257845r1044920_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257893r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258179r1106371_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257868r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257895r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257847r1044924_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257919r1044979_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257927r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257973r1106448_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257980r1045016_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258183r1045334_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257886r1044955_rule" selected="false" />
@@ -4015,26 +4013,29 @@
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257979r958908_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258117r1015116_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257855r1044936_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258216r1155613_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258015r1045086_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257991r1051246_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257799r1106273_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258002r1155590_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258147r1045290_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258104r1015104_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258164r1045301_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257960r1106321_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258098r1045195_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257961r1155730_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258045r958482_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257800r1117266_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258122r1045246_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-270176r1117265_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257881r1155663_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257969r1155623_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257992r1045047_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258105r1045212_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257782r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257849r1044928_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257863r1155633_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258085r1045173_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257924r991557_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258089r1045179_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257783r991562_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257973r1155760_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258020r1045094_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258186r1045343_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258087r1102071_rule" selected="false" />
@@ -4045,38 +4046,34 @@
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257815r1134903_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258204r1045397_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257916r1101916_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258167r1101918_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257915r1044971_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257989r1051240_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258090r958808_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258009r1045077_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258177r1155597_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258140r1106460_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257971r1106444_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257840r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258111r1045226_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257982r1045021_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258073r1045157_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257811r1117266_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257942r1155718_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257904r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257877r958804_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257972r1106446_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258151r1045298_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258217r1045436_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257969r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257795r1044845_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257865r1044946_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258176r1155595_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257873r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257900r991589_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257803r1106429_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257809r1106288_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257875r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257902r991589_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258026r1045103_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258181r1045328_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-270180r1045182_rule" selected="false" />
-        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257814r1134901_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257971r1155754_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257848r1044926_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258072r1045155_rule" selected="false" />
+        <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258190r1155609_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257871r958804_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-258024r1045100_rule" selected="false" />
         <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-257997r1069370_rule" selected="false" />
@@ -4084,12 +4081,15 @@
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257777">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257777r991589_rule" severity="high" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257777r1155676_rule" severity="high" weight="10.0">
           <xccdf:version>RHEL-09-211010</xccdf:version>
           <xccdf:title>RHEL 9 must be a vendor-supported release.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
 
-Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
+End Of Life dates for Red Hat Linux 9 releases are as follows:
+Current end of Full Support for Red Hat Linux 9 is 31 May 2027.
+Current end of Maintenance Support for Red Hat Linux 9 is 31 May 3032.
+Current end of Extended Life Cycle Support (ELS) for Red Hat Linux 9 is 31 May 2035.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
           <xccdf:reference>
             <dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title>
             <dc:publisher>DISA</dc:publisher>
@@ -4101,7 +4101,7 @@ Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise
           <xccdf:fixtext fixref="F-61442r925317_fix">Upgrade to a supported version of RHEL 9.</xccdf:fixtext>
           <xccdf:fix id="F-61442r925317_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257777" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257777" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4125,7 +4125,7 @@ Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise
 $ sudo systemctl set-default multi-user.target</xccdf:fixtext>
           <xccdf:fix id="F-61446r925329_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257781" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257781" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4145,6 +4145,7 @@ The rngd service feeds random data from hardware device to kernel random device.
             <dc:subject>Red Hat Enterprise Linux 9</dc:subject>
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
+          <xccdf:platform idref="#xccdf_mil.disa.stig_platform_RHEL_9_NotFIPS" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
           <xccdf:fixtext fixref="F-61447r925332_fix">Install the rng-tools package with the following command:
 
@@ -4155,7 +4156,7 @@ Then enable the rngd service run the following command:
 $ sudo systemctl enable --now rngd</xccdf:fixtext>
           <xccdf:fix id="F-61447r925332_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257782" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257782" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4179,14 +4180,14 @@ $ sudo systemctl enable --now rngd</xccdf:fixtext>
 $ sudo systemctl enable --now systemd-journald</xccdf:fixtext>
           <xccdf:fix id="F-61448r925335_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257783" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257783" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257784">
         <xccdf:title>SRG-OS-000324-GPOS-00125</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257784r1044832_rule" severity="high" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257784r1155651_rule" severity="high" weight="10.0">
           <xccdf:version>RHEL-09-211045</xccdf:version>
           <xccdf:title>The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.
@@ -4200,16 +4201,22 @@ Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-002235</xccdf:ident>
-          <xccdf:fixtext fixref="F-61449r925338_fix">Configure the system to disable the CtrlAltDelBurstAction by added or modifying the following line in the "/etc/systemd/system.conf" configuration file:
+          <xccdf:fixtext fixref="F-61449r1155650_fix">Configure RHEL 9 to disable the CtrlAltDelBurstAction by adding it to a drop file in a "/etc/systemd/system.conf.d/" configuration file:
+
+If no drop file exists, create one with the following command:
+
+$ sudo mkdir -p /etc/systemd/system.conf.d &amp;&amp; sudo vi /etc/systemd/system.conf.d/55-CtrlAltDel-BurstAction
+
+Edit the file to contain the setting by adding the following text:
 
 CtrlAltDelBurstAction=none
 
 Reload the daemon for this change to take effect.
 
 $ sudo systemctl daemon-reload</xccdf:fixtext>
-          <xccdf:fix id="F-61449r925338_fix" />
+          <xccdf:fix id="F-61449r1155650_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257784" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257784" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4236,7 +4243,7 @@ $ sudo systemctl disable --now ctrl-alt-del.target
 $ sudo systemctl mask --now ctrl-alt-del.target</xccdf:fixtext>
           <xccdf:fix id="F-61450r925341_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257785" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257785" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4263,14 +4270,14 @@ $ sudo systemctl disable --now debug-shell.service
 $ sudo systemctl mask --now debug-shell.service</xccdf:fixtext>
           <xccdf:fix id="F-61451r943025_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257786" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257786" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257787">
         <xccdf:title>SRG-OS-000080-GPOS-00048</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257787r1117265_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257787r1137691_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-212010</xccdf:version>
           <xccdf:title>RHEL 9 must require a boot loader superuser password.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
@@ -4293,7 +4300,7 @@ Enter password:
 Confirm password:</xccdf:fixtext>
           <xccdf:fix id="F-61452r925347_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257787" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257787" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4317,7 +4324,7 @@ Confirm password:</xccdf:fixtext>
 $ sudo grubby --update-kernel=ALL --remove-args="systemd.confirm_spawn"</xccdf:fixtext>
           <xccdf:fix id="F-61453r1044837_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257788" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257788" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4341,7 +4348,7 @@ $ sudo grubby --update-kernel=ALL --remove-args="systemd.confirm_spawn"</xccdf:f
 $ sudo chgrp root /boot/grub2/grub.cfg</xccdf:fixtext>
           <xccdf:fix id="F-61455r925356_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257790" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257790" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4365,7 +4372,7 @@ $ sudo chgrp root /boot/grub2/grub.cfg</xccdf:fixtext>
 $ sudo chown root /boot/grub2/grub.cfg</xccdf:fixtext>
           <xccdf:fix id="F-61456r925359_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257791" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257791" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4397,7 +4404,7 @@ Add or modify the following line in "/etc/default/grub" to ensure the configurat
 GRUB_CMDLINE_LINUX="vsyscall=none"</xccdf:fixtext>
           <xccdf:fix id="F-61457r925362_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257792" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257792" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4427,7 +4434,7 @@ Add or modify the following line in "/etc/default/grub" to ensure the configurat
 GRUB_CMDLINE_LINUX="page_poison=1"</xccdf:fixtext>
           <xccdf:fix id="F-61458r925365_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257793" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257793" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4467,7 +4474,7 @@ Reboot the system:
 $ sudo reboot</xccdf:fixtext>
           <xccdf:fix id="F-61459r1069361_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257794" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257794" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4498,7 +4505,7 @@ Add or modify the following line in "/etc/default/grub" to ensure the configurat
 GRUB_CMDLINE_LINUX="pti=on"</xccdf:fixtext>
           <xccdf:fix id="F-61460r925371_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257795" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257795" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4535,14 +4542,14 @@ Add or modify the following line in "/etc/default/grub" to ensure the configurat
 GRUB_CMDLINE_LINUX="audit=1"</xccdf:fixtext>
           <xccdf:fix id="F-61461r925374_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257796" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257796" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257797">
         <xccdf:title>SRG-OS-000132-GPOS-00067</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257797r1117266_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257797r1155691_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213010</xccdf:version>
           <xccdf:title>RHEL 9 must restrict access to the kernel message buffer.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
@@ -4553,7 +4560,7 @@ There may be shared resources with configurable protections (e.g., files in stor
 
 Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a nonprivileged user.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -4572,33 +4579,28 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069&lt;/VulnDiscussion
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001082</xccdf:ident>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001090</xccdf:ident>
-          <xccdf:fixtext fixref="F-61462r1102065_fix">Configure RHEL 9 to restrict access to the kernel message buffer.
+          <xccdf:fixtext fixref="F-61462r1155690_fix">Configure RHEL 9 to restrict access to the kernel message buffer.
 
-Add or edit the following line in a system configuration file, in the "/etc/sysctl.d/" directory:
+Create a drop-in if it does not already exist:
 
-kernel.dmesg_restrict = 1
+$ sudo vi /etc/sysctl.d/99-dmesg_restrict.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following to the file:
+kernel.dmesg_restrict = 1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61462r1102065_fix" />
+          <xccdf:fix id="F-61462r1155690_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257797" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257797" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257798">
         <xccdf:title>SRG-OS-000132-GPOS-00067</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257798r1117266_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257798r1155694_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213015</xccdf:version>
           <xccdf:title>RHEL 9 must prevent kernel profiling by nonprivileged users.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
@@ -4609,7 +4611,7 @@ There may be shared resources with configurable protections (e.g., files in stor
 
 Setting the kernel.perf_event_paranoid kernel parameter to "2" prevents attackers from gaining additional system information as a nonprivileged user.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -4628,40 +4630,35 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069&lt;/VulnDiscussion
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001082</xccdf:ident>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001090</xccdf:ident>
-          <xccdf:fixtext fixref="F-61463r1102051_fix">Configure RHEL 9 to prevent kernel profiling by nonprivileged users.
+          <xccdf:fixtext fixref="F-61463r1155693_fix">Configure RHEL 9 to prevent kernel profiling by nonprivileged users.
 
-Add or edit the following line in a system configuration file, in the "/etc/sysctl.d/" directory:
+Create a drop-in if it does not already exist:
 
-kernel.perf_event_paranoid = 2
+$ sudo vi /etc/sysctl.d/99-kernel_perf_event_paranoid.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following to the file:
+kernel.perf_event_paranoid = 2
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61463r1102051_fix" />
+          <xccdf:fix id="F-61463r1155693_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257798" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257798" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257799">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257799r1106273_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257799r1155697_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213020</xccdf:version>
           <xccdf:title>RHEL 9 must prevent the loading of a new kernel for later execution.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
 
 Disabling kexec_load prevents an unsigned kernel image (that could be a windows kernel or modified vulnerable kernel) from being loaded. Kexec can be used subvert the entire secureboot process and should be avoided at all costs especially since it can load unsigned kernel images.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -4680,36 +4677,33 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000366-GPOS-00153&lt;/VulnDiscussion
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-003992</xccdf:ident>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001749</xccdf:ident>
-          <xccdf:fixtext fixref="F-61464r1106272_fix">Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+          <xccdf:fixtext fixref="F-61464r1155696_fix">Configure RHEL 9 to disable kernel image loading.
 
-kernel.kexec_load_disabled = 1
+Create a drop-in if it does not already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+$ sudo vi /etc/sysctl.d/99-kernel_kexec_load_disabled.conf
 
-Load settings from all system configuration files with the following command:
+Add the following to the file:
+kernel.kexec_load_disabled = 1
+
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61464r1106272_fix" />
+          <xccdf:fix id="F-61464r1155696_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257799" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257799" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257800">
         <xccdf:title>SRG-OS-000132-GPOS-00067</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257800r1117266_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257800r1155700_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213025</xccdf:version>
           <xccdf:title>RHEL 9 must restrict exposed kernel pointer addresses access.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -4728,40 +4722,37 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000433-GPOS-00192, SRG-OS-000480-GPO
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001082</xccdf:ident>
           <xccdf:ident system="http://cyber.mil/cci">CCI-002824</xccdf:ident>
-          <xccdf:fixtext fixref="F-61465r1106275_fix">Configure RHEL 9 to restrict exposed kernel pointer addresses access by adding the following line to a file in the "/etc/sysctl.d" directory:
+          <xccdf:fixtext fixref="F-61465r1155699_fix">Configure RHEL 9 to restrict exposed kernel pointer addresses access.
 
-kernel.kptr_restrict = 1
+Create a drop-in if it does not already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+$ sudo vi /etc/sysctl.d/99-kernel_kptr_restrict.conf
+
+Add the following to the file:
+kernel.kptr_restrict = 1
 
-The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61465r1106275_fix" />
+          <xccdf:fix id="F-61465r1155699_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257800" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257800" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257801">
         <xccdf:title>SRG-OS-000312-GPOS-00123</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257801r1106279_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257801r1155703_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213030</xccdf:version>
-          <xccdf:title>RHEL 9 must enable kernel parameters to enforce discretionary access control on hardlinks.</xccdf:title>
-          <xccdf:description>&lt;VulnDiscussion&gt;Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
+          <xccdf:title>RHEL 9 must enable kernel parameters to enforce discretionary access control (DAC) on hardlinks.</xccdf:title>
+          <xccdf:description>&lt;VulnDiscussion&gt;DAC is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
 
 When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
 
 By enabling the fs.protected_hardlinks kernel parameter, users can no longer create soft or hard links to files they do not own. Disallowing such hardlinks mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -4780,40 +4771,37 @@ Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPO
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-002165</xccdf:ident>
           <xccdf:ident system="http://cyber.mil/cci">CCI-002235</xccdf:ident>
-          <xccdf:fixtext fixref="F-61466r1106278_fix">Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+          <xccdf:fixtext fixref="F-61466r1155702_fix">Configure RHEL 9 to enable DAC on hardlinks.
 
-fs.protected_hardlinks = 1
+Create a drop-in if it does not already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+$ sudo vi /etc/sysctl.d/99-fs_protected_hardlinks.conf
 
-Load settings from all system configuration files with the following command:
+Add the following to the file:
+fs.protected_hardlinks = 1
+
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61466r1106278_fix" />
+          <xccdf:fix id="F-61466r1155702_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257801" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257801" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257802">
         <xccdf:title>SRG-OS-000312-GPOS-00123</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257802r1106282_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257802r1155706_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213035</xccdf:version>
-          <xccdf:title>RHEL 9 must enable kernel parameters to enforce discretionary access control on symlinks.</xccdf:title>
-          <xccdf:description>&lt;VulnDiscussion&gt;Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
+          <xccdf:title>RHEL 9 must enable kernel parameters to enforce discretionary access (DAC) control on symlinks.</xccdf:title>
+          <xccdf:description>&lt;VulnDiscussion&gt;DAC is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
 
 When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
 
 By enabling the fs.protected_symlinks kernel parameter, symbolic links are permitted to be followed only when outside a sticky world-writable directory, or when the UID of the link and follower match, or when the directory owner matches the symlink's owner. Disallowing such symlinks helps mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -4832,38 +4820,33 @@ Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPO
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-002165</xccdf:ident>
           <xccdf:ident system="http://cyber.mil/cci">CCI-002235</xccdf:ident>
-          <xccdf:fixtext fixref="F-61467r1106281_fix">Configure RHEL 9 to enable DAC on symlinks.
+          <xccdf:fixtext fixref="F-61467r1155705_fix">Configure RHEL 9 to enable DAC on symlinks with the following:
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a drop-in if it does not already exist:
 
-fs.protected_symlinks = 1
+$ sudo vi /etc/sysctl.d/99-fs_protected_symlinks.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following to the file:
+fs.protected_symlinks = 1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61467r1106281_fix" />
+          <xccdf:fix id="F-61467r1155705_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257802" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257802" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257803">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257803r1106429_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257803r1155668_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213040</xccdf:version>
           <xccdf:title>RHEL 9 must disable the kernel.core_pattern.</xccdf:title>
-          <xccdf:description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+          <xccdf:description>&lt;VulnDiscussion&gt;A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -4879,26 +4862,21 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61468r1106428_fix">Configure RHEL 9 to disable storing core dumps.
+          <xccdf:fixtext fixref="F-61468r1155667_fix">Configure RHEL 9 to disable storing core dumps. 
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a drop-in if it does not already exist:
 
-kernel.core_pattern = |/bin/false
+$ sudo vi /etc/sysctl.d/99-kernel_core_pattern.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following to the file:
+kernel.core_pattern = |/bin/false
 
-The system configuration files must reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61468r1106428_fix" />
+          <xccdf:fix id="F-61468r1155667_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257803" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257803" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4923,7 +4901,7 @@ install atm /bin/false
 blacklist atm</xccdf:fixtext>
           <xccdf:fix id="F-61469r925398_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257804" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257804" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4948,7 +4926,7 @@ install can /bin/false
 blacklist can</xccdf:fixtext>
           <xccdf:fix id="F-61470r1044855_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257805" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257805" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -4973,7 +4951,7 @@ install firewire-core /bin/false
 blacklist firewire-core</xccdf:fixtext>
           <xccdf:fix id="F-61471r1044858_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257806" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257806" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5002,7 +4980,7 @@ install sctp /bin/false
 blacklist sctp</xccdf:fixtext>
           <xccdf:fix id="F-61472r1044861_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257807" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257807" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5031,21 +5009,21 @@ install tipc /bin/false
 blacklist tipc</xccdf:fixtext>
           <xccdf:fix id="F-61473r1044864_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257808" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257808" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257809">
         <xccdf:title>SRG-OS-000433-GPOS-00193</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257809r1106288_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257809r1155709_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213070</xccdf:version>
           <xccdf:title>RHEL 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
 
 Examples of attacks are buffer overflow attacks.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -5063,38 +5041,33 @@ Satisfies: SRG-OS-000433-GPOS-00193, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-002824</xccdf:ident>
-          <xccdf:fixtext fixref="F-61474r1106287_fix">Configure RHEL 9 to implement virtual address space randomization.
+          <xccdf:fixtext fixref="F-61474r1155708_fix">Configure RHEL 9 to implement ASLR.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create the drop-in if it does not already exist:
 
-kernel.randomize_va_space=2
+$ sudo vi /etc/sysctl.d/99-kernel_randomize_va_space.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+kernel.randomize_va_space = 2
 
-Issue the following command to make the changes take effect:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61474r1106287_fix" />
+          <xccdf:fix id="F-61474r1155708_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257809" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257809" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257810">
         <xccdf:title>SRG-OS-000132-GPOS-00067</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257810r1117266_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257810r1155712_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213075</xccdf:version>
           <xccdf:title>RHEL 9 must disable access to network bpf system call from nonprivileged processes.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -5112,31 +5085,28 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001082</xccdf:ident>
-          <xccdf:fixtext fixref="F-61475r1106430_fix">Configure RHEL 9 to prevent privilege escalation through the kernel by disabling access to the bpf syscall by adding the following line to a file in the "/etc/sysctl.d" directory:
+          <xccdf:fixtext fixref="F-61475r1155711_fix">Configure RHEL 9 to prevent privilege escalation through the kernel by disabling access to the bpf system call.
 
-kernel.unprivileged_bpf_disabled = 1
+Create the drop-in file if it does not already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+$ sudo vi /etc/sysctl.d/99-kernel_unprivileged_bpf_disabled.conf
+
+Add the following line to the file:
+kernel.unprivileged_bpf_disabled = 1
 
-The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61475r1106430_fix" />
+          <xccdf:fix id="F-61475r1155711_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257810" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257810" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257811">
         <xccdf:title>SRG-OS-000132-GPOS-00067</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257811r1117266_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257811r1155674_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213080</xccdf:version>
           <xccdf:title>RHEL 9 must restrict usage of ptrace to descendant processes.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
@@ -5159,24 +5129,21 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001082</xccdf:ident>
-          <xccdf:fixtext fixref="F-61476r1106432_fix">Configure RHEL 9 to restrict usage of ptrace to descendant processes by adding the following line to a file in the "/etc/sysctl.d" directory:
+          <xccdf:fixtext fixref="F-61476r1155673_fix">Configure RHEL 9 to restrict the usage of ptrace to descendant processes.
 
-kernel.yama.ptrace_scope = 1
+Create the drop-in if it doesn't already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+$ sudo vi /etc/sysctl.d/99-kernel_yama.ptrace_scope.conf
+
+Add the following line to the file:
+kernel.yama.ptrace_scope = 1
 
-The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61476r1106432_fix" />
+          <xccdf:fix id="F-61476r1155673_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257811" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257811" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5205,7 +5172,7 @@ Add or modify the following line in /etc/systemd/coredump.conf:
 ProcessSizeMax=0</xccdf:fixtext>
           <xccdf:fix id="F-61477r925422_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257812" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257812" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5232,14 +5199,14 @@ Add or modify the following line in /etc/systemd/coredump.conf:
 Storage=none</xccdf:fixtext>
           <xccdf:fix id="F-61478r925425_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257813" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257813" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257814">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257814r1134901_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257814r1156057_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213095</xccdf:version>
           <xccdf:title>RHEL 9 must disable core dumps for all users.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
@@ -5252,14 +5219,16 @@ Storage=none</xccdf:fixtext>
           </xccdf:reference>
           <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxKernelDumps" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61479r925428_fix">Configure the operating system to disable core dumps for all users.
+          <xccdf:fixtext fixref="F-61479r1155592_fix">Configure RHEL 9 to disable core dumps for all users.
 
 Add the following line to the top of the /etc/security/limits.conf or in a single ".conf" file defined in /etc/security/limits.d/:
 
-* hard core 0</xccdf:fixtext>
-          <xccdf:fix id="F-61479r925428_fix" />
+* hard core 0
+
+Remove or comment out any entries for users or groups with a value set to anything other than "0".</xccdf:fixtext>
+          <xccdf:fix id="F-61479r1155592_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257814" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257814" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5290,19 +5259,19 @@ Reload the daemon for this change to take effect.
 $ sudo systemctl daemon-reload</xccdf:fixtext>
           <xccdf:fix id="F-61480r925431_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257815" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257815" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257816">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257816r1106435_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257816r1155715_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-213105</xccdf:version>
           <xccdf:title>RHEL 9 must disable the use of user namespaces.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -5318,24 +5287,22 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61481r1106434_fix">Configure RHEL 9 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d" directory:
+          <xccdf:fixtext fixref="F-61481r1155714_fix">Configure RHEL 9 to disable the use of user namespaces.
 
-user.max_user_namespaces = 0
+Create the drop-in if it does not already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+$ sudo vi /etc/sysctl.d/99-user_max_user_namespaces.conf
+
+Add the following line to the file:
+
+user.max_user_namespaces = 0
 
-The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61481r1106434_fix" />
+          <xccdf:fix id="F-61481r1155714_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257816" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257816" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5365,7 +5332,7 @@ To mask the kdump service run the following command:
 $ sudo systemctl mask --now kdump</xccdf:fixtext>
           <xccdf:fix id="F-61483r925440_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257818" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257818" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5396,7 +5363,7 @@ Add or update the following line in the [main] section of the /etc/dnf/dnf.conf
 gpgcheck=1</xccdf:fixtext>
           <xccdf:fix id="F-61485r925446_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257820" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257820" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5427,14 +5394,14 @@ Add or update the following line in the [main] section of the /etc/dnf/dnf.conf
 localpkg_gpgcheck=1</xccdf:fixtext>
           <xccdf:fix id="F-61486r925449_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257821" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257821" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257822">
         <xccdf:title>SRG-OS-000366-GPOS-00153</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257822r1044880_rule" severity="high" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257822r1155615_rule" severity="high" weight="10.0">
           <xccdf:version>RHEL-09-214025</xccdf:version>
           <xccdf:title>RHEL 9 must have GPG signature verification enabled for all software repositories.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
@@ -5456,7 +5423,7 @@ Verifying the authenticity of software prior to installation validates the integ
 $ sudo sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*</xccdf:fixtext>
           <xccdf:fix id="F-61487r925452_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257822" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257822" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5482,7 +5449,7 @@ Edit the file /etc/dnf/dnf.conf by adding or editing the following line:
  clean_requirements_on_remove=True</xccdf:fixtext>
           <xccdf:fix id="F-61489r1044885_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257824" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257824" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5507,7 +5474,7 @@ Edit the file /etc/dnf/dnf.conf by adding or editing the following line:
 $ sudo dnf install subscription-manager</xccdf:fixtext>
           <xccdf:fix id="F-61490r925461_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257825" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257825" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5538,7 +5505,7 @@ Satisfies: SRG-OS-000074-GPOS-00042, SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPO
 $ sudo dnf remove vsftpd</xccdf:fixtext>
           <xccdf:fix id="F-61491r925464_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257826" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257826" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5564,7 +5531,7 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000095-GPOS-00049&lt;/VulnDiscussion
 $ sudo dnf remove sendmail</xccdf:fixtext>
           <xccdf:fix id="F-61492r925467_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257827" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257827" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5588,7 +5555,7 @@ $ sudo dnf remove sendmail</xccdf:fixtext>
 $ sudo dnf remove nfs-utils</xccdf:fixtext>
           <xccdf:fix id="F-61493r925470_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257828" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257828" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5614,7 +5581,7 @@ Removing the "ypserv" package decreases the risk of the accidental (or intention
 $ sudo dnf remove ypserv</xccdf:fixtext>
           <xccdf:fix id="F-61494r925473_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257829" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257829" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5642,14 +5609,14 @@ Removing the "telnet-server" package decreases the risk of accidental (or intent
 $ sudo dnf remove telnet-server</xccdf:fixtext>
           <xccdf:fix id="F-61496r925479_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257831" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257831" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257832">
         <xccdf:title>SRG-OS-000095-GPOS-00049</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257832r1044900_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257832r1155653_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-215045</xccdf:version>
           <xccdf:title>RHEL 9 must not have the gssproxy package installed.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
@@ -5666,13 +5633,14 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
             <dc:subject>Red Hat Enterprise Linux 9</dc:subject>
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
+          <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxNoNFSMounts" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000381</xccdf:ident>
           <xccdf:fixtext fixref="F-61497r925482_fix">Remove the gssproxy package with the following command:
 
 $ sudo dnf remove gssproxy</xccdf:fixtext>
           <xccdf:fix id="F-61497r925482_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257832" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257832" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5702,7 +5670,7 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
 $ sudo dnf remove iprutils</xccdf:fixtext>
           <xccdf:fix id="F-61498r925485_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257833" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257833" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5732,19 +5700,21 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
 $ sudo dnf remove tuned</xccdf:fixtext>
           <xccdf:fix id="F-61499r925488_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257834" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257834" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257835">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257835r1102037_rule" severity="high" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257835r1155679_rule" severity="high" weight="10.0">
           <xccdf:version>RHEL-09-215060</xccdf:version>
-          <xccdf:title>RHEL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.</xccdf:title>
+          <xccdf:title>The Trivial File Transfer Protocol (TFTP) server must not be installed unless it is required, and if required, the RHEL 9 TFTP daemon must be configured to operate in secure mode.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Removing the "tftp-server" package decreases the risk of the accidental (or intentional) activation of tftp services.
 
-If TFTP is required for operational support (such as transmission of router configurations), its use must be documented with the information systems security manager (ISSM), restricted to only authorized personnel, and have access control rules established.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
+If TFTP is required for operational support (such as transmission of router configurations), its use must be documented with the information systems security manager (ISSM), restricted to only authorized personnel, and have access control rules established.
+
+Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
           <xccdf:reference>
             <dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title>
             <dc:publisher>DISA</dc:publisher>
@@ -5752,13 +5722,29 @@ If TFTP is required for operational support (such as transmission of router conf
             <dc:subject>Red Hat Enterprise Linux 9</dc:subject>
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
+          <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxTFTP" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61500r952170_fix">The "tftp-server" package can be removed with the following command:
+          <xccdf:fixtext fixref="F-61500r1155678_fix">Configure RHEL 9 so that TFTP operates in secure mode if installed.
+
+If TFTP server is not required, remove it with the following command:
+$ sudo dnf -y remove tftp-server
+
+Configure the TFTP daemon to operate in secure mode with the following command:
+$ sudo systemctl edit tftp.service
+
+In the editor, enter:
+[Service]
+ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
 
-$ sudo dnf remove tftp-server</xccdf:fixtext>
-          <xccdf:fix id="F-61500r952170_fix" />
+After making changes, reload the systemd daemon and restart the TFTP service as follows:
+
+$ sudo systemctl daemon-reload
+$ sudo systemctl restart tftp.service
+
+If the "-s" option is not present in the "ExecStart" line or if the line is missing, this is a finding.</xccdf:fixtext>
+          <xccdf:fix id="F-61500r1155678_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257835" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257835" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5784,7 +5770,7 @@ If there is no need to make the router software available, removing it provides
 $ sudo dnf remove quagga</xccdf:fixtext>
           <xccdf:fix id="F-61501r925494_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257836" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257836" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5815,7 +5801,7 @@ $ sudo dnf remove "xorg*"
 $ sudo systemctl set-default multi-user.target</xccdf:fixtext>
           <xccdf:fix id="F-61502r925497_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257837" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257837" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5845,7 +5831,7 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
 $ sudo dnf install openssl-pkcs11</xccdf:fixtext>
           <xccdf:fix id="F-61503r925500_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257838" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257838" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5869,7 +5855,7 @@ $ sudo dnf install openssl-pkcs11</xccdf:fixtext>
 $ sudo dnf install gnutls-utils</xccdf:fixtext>
           <xccdf:fix id="F-61504r925503_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257839" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257839" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5893,7 +5879,7 @@ $ sudo dnf install gnutls-utils</xccdf:fixtext>
 $ sudo dnf install nss-tools</xccdf:fixtext>
           <xccdf:fix id="F-61505r925506_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257840" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257840" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5917,7 +5903,7 @@ $ sudo dnf install nss-tools</xccdf:fixtext>
 $ sudo dnf install rng-tools</xccdf:fixtext>
           <xccdf:fix id="F-61506r925509_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257841" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257841" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5941,7 +5927,7 @@ $ sudo dnf install rng-tools</xccdf:fixtext>
 $ sudo dnf install s-nail</xccdf:fixtext>
           <xccdf:fix id="F-61507r925512_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257842" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257842" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5963,7 +5949,7 @@ $ sudo dnf install s-nail</xccdf:fixtext>
           <xccdf:fixtext fixref="F-61508r925515_fix">Migrate the "/home" directory onto a separate file system/partition.</xccdf:fixtext>
           <xccdf:fix id="F-61508r925515_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257843" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257843" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -5985,7 +5971,7 @@ $ sudo dnf install s-nail</xccdf:fixtext>
           <xccdf:fixtext fixref="F-61509r925518_fix">Migrate the "/tmp" path onto a separate file system.</xccdf:fixtext>
           <xccdf:fix id="F-61509r925518_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257844" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257844" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6007,7 +5993,7 @@ $ sudo dnf install s-nail</xccdf:fixtext>
           <xccdf:fixtext fixref="F-61510r925521_fix">Migrate the "/var" path onto a separate file system.</xccdf:fixtext>
           <xccdf:fix id="F-61510r925521_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257845" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257845" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6029,7 +6015,7 @@ $ sudo dnf install s-nail</xccdf:fixtext>
           <xccdf:fixtext fixref="F-61511r925524_fix">Migrate the "/var/log" path onto a separate file system.</xccdf:fixtext>
           <xccdf:fix id="F-61511r925524_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257846" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257846" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6053,7 +6039,7 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
           <xccdf:fixtext fixref="F-61512r925527_fix">Migrate the system audit data path onto a separate file system.</xccdf:fixtext>
           <xccdf:fix id="F-61512r925527_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257847" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257847" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6075,7 +6061,7 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
           <xccdf:fixtext fixref="F-61513r925530_fix">Migrate the "/var/tmp" path onto a separate file system.</xccdf:fixtext>
           <xccdf:fix id="F-61513r925530_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257848" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257848" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6105,7 +6091,7 @@ The autofs service can be disabled with the following command:
 $ sudo systemctl mask --now autofs.service</xccdf:fixtext>
           <xccdf:fix id="F-61514r925533_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257849" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257849" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6129,7 +6115,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61515r925536_fix">Modify "/etc/fstab" to use the "nodev" option on the "/home" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61515r925536_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257850" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257850" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6153,7 +6139,7 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
           <xccdf:fixtext fixref="F-61516r925539_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/home" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61516r925539_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257851" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257851" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6175,7 +6161,7 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
           <xccdf:fixtext fixref="F-61517r925542_fix">Modify "/etc/fstab" to use the "noexec" option on the "/home" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61517r925542_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257852" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257852" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6198,7 +6184,7 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
           <xccdf:fixtext fixref="F-61519r925548_fix">Update each NFS mounted file system to use the "nodev" option on file systems that are being imported via NFS.</xccdf:fixtext>
           <xccdf:fix id="F-61519r925548_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257854" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257854" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6216,11 +6202,12 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
             <dc:subject>Red Hat Enterprise Linux 9</dc:subject>
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
+          <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxNFSMounts" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
           <xccdf:fixtext fixref="F-61520r925551_fix">Update each NFS mounted file system to use the "noexec" option on file systems that are being imported via NFS.</xccdf:fixtext>
           <xccdf:fix id="F-61520r925551_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257855" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257855" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6243,7 +6230,7 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
           <xccdf:fixtext fixref="F-61521r925554_fix">Update each NFS mounted file system to use the "nosuid" option on file systems that are being imported via NFS.</xccdf:fixtext>
           <xccdf:fix id="F-61521r925554_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257856" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257856" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6265,7 +6252,7 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
           <xccdf:fixtext fixref="F-61525r925566_fix">Modify "/etc/fstab" to use the "nodev" option on the "/boot" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61525r925566_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257860" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257860" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6289,14 +6276,14 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
           <xccdf:fixtext fixref="F-61526r925569_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/boot" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61526r925569_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257861" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257861" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257862">
         <xccdf:title>SRG-OS-000368-GPOS-00154</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257862r1134908_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257862r1155661_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-231105</xccdf:version>
           <xccdf:title>RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
@@ -6314,14 +6301,14 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion
           <xccdf:fixtext fixref="F-61527r1051264_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/boot/efi" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61527r1051264_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257862" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257862" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257863">
         <xccdf:title>SRG-OS-000368-GPOS-00154</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257863r958804_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257863r1155633_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-231110</xccdf:version>
           <xccdf:title>RHEL 9 must mount /dev/shm with the nodev option.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
@@ -6335,17 +6322,27 @@ The only legitimate location for device files is the "/dev" directory located on
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001764</xccdf:ident>
-          <xccdf:fixtext fixref="F-61528r925575_fix">Modify "/etc/fstab" to use the "nodev" option on the "/dev/shm" file system.</xccdf:fixtext>
-          <xccdf:fix id="F-61528r925575_fix" />
+          <xccdf:fixtext fixref="F-61528r1155632_fix">Configure "/dev/shm" to mount with the "nodev" option.
+
+Modify "/etc/fstab" to use the "nodev" option on the "/dev/shm" file system.
+
+To reload all implicit mount units and update the dependency graph so that new options will apply correctly at next remount, run the following command:
+
+$ sudo systemctl daemon-reload
+
+Use the following command to apply the changes immediately without a reboot:
+
+$ sudo mount -o remount /dev/shm</xccdf:fixtext>
+          <xccdf:fix id="F-61528r1155632_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257863" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257863" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257864">
         <xccdf:title>SRG-OS-000368-GPOS-00154</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257864r1106304_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257864r1155639_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-231115</xccdf:version>
           <xccdf:title>RHEL 9 must mount /dev/shm with the noexec option.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
@@ -6357,50 +6354,27 @@ The only legitimate location for device files is the "/dev" directory located on
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001764</xccdf:ident>
-          <xccdf:fixtext fixref="F-61529r1106303_fix">Configure "/dev/shm" to mount with the "noexec" option.
-
-Determine how /dev/shm is managed.
-
-$ systemctl status systemd-tmpfiles-setup
-If "active", systemd is managing temporary files (including /dev/shm).
-Otherwise, /etc/fstab is managing temporary files.
+          <xccdf:fixtext fixref="F-61529r1155638_fix">Configure "/dev/shm" to mount with the "noexec" option.
 
-If systemd is managing /dev/shm, use the following commands to add the noexec option to the mount:
-     If /etc/tmpfiles.d does not exist, create it:
-     $ sudo mkdir -p /etc/tmpfiles.d
+Modify "/etc/fstab" to use the "noexec" option on the "/dev/shm" file system.
 
-     Add a configuration file with the appropriate options for /dev/shm as follows:
-     $ echo 'd /dev/shm 1777 root root 10d' | sudo tee /etc/tmpfiles.d/dev-shm.conf
-     $ echo 'x /dev/shm' | sudo tee -a /etc/tmpfiles.d/dev-shm.conf
+To reload all implicit mount units and update the dependency graph so that new options will apply correctly at next remount, run the following command:
 
-     Apply new mount options with the following commands:
-     $ sudo systemctl mask tmp.mount
-     Created symlink /etc/systemd/system/tmp.mount ? /dev/null.
-
-     $ echo 'tmpfs /dev/shm tmpfs rw,nodev,nosuid,noexec,seclabel 0 0' | sudo tee -a /etc/fstab
-     $ sudo mount -o remount /dev/shm
-     $ sudo systemctl daemon-reload
-
-If /dev/shm is managed by /etc/fstab, use the following commands to add the noexec option to the mount:
-     $ sudo vi /etc/fstab
-
-     Add or modify the following line:
-     tmpfs /dev/shm tmpfs rw,nodev,nosuid,noexec,seclabel 0 0
+$ sudo systemctl daemon-reload
 
-     Remount /dev/shm:
-     $ sudo mount -o remount /dev/shm
+Use the following command to apply the changes immediately without a reboot:
 
-Note: Although systemd manages tmpfs mounts by default, administrators can override settings by adding entries to /etc/fstab. Either approach is acceptable.</xccdf:fixtext>
-          <xccdf:fix id="F-61529r1106303_fix" />
+$ sudo mount -o remount /dev/shm</xccdf:fixtext>
+          <xccdf:fix id="F-61529r1155638_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257864" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257864" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257865">
         <xccdf:title>SRG-OS-000368-GPOS-00154</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257865r1044946_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257865r1155636_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-231120</xccdf:version>
           <xccdf:title>RHEL 9 must mount /dev/shm with the nosuid option.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
@@ -6412,10 +6386,20 @@ Note: Although systemd manages tmpfs mounts by default, administrators can overr
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001764</xccdf:ident>
-          <xccdf:fixtext fixref="F-61530r925581_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/dev/shm" file system.</xccdf:fixtext>
-          <xccdf:fix id="F-61530r925581_fix" />
+          <xccdf:fixtext fixref="F-61530r1155635_fix">Configure "/dev/shm" to mount with the "nosuid" option.
+
+Modify "/etc/fstab" to use the "nosuid" option on the "/dev/shm" file system.
+
+To reload all implicit mount units and update the dependency graph so that new options will apply correctly at next remount, run the following command:
+
+$ sudo systemctl daemon-reload
+
+Use the following command to apply the changes immediately without a reboot:
+
+$ sudo mount -o remount /dev/shm</xccdf:fixtext>
+          <xccdf:fix id="F-61530r1155635_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257865" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257865" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6439,7 +6423,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61531r925584_fix">Modify "/etc/fstab" to use the "nodev" option on the "/tmp" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61531r925584_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257866" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257866" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6461,7 +6445,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61532r925587_fix">Modify "/etc/fstab" to use the "noexec" option on the "/tmp" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61532r925587_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257867" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257867" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6483,7 +6467,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61533r925590_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/tmp" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61533r925590_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257868" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257868" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6507,7 +6491,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61534r925593_fix">Modify "/etc/fstab" to use the "nodev" option on the "/var" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61534r925593_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257869" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257869" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6531,7 +6515,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61535r925596_fix">Modify "/etc/fstab" to use the "nodev" option on the "/var/log" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61535r925596_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257870" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257870" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6553,7 +6537,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61536r925599_fix">Modify "/etc/fstab" to use the "noexec" option on the "/var/log" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61536r925599_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257871" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257871" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6575,7 +6559,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61537r925602_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/var/log" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61537r925602_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257872" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257872" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6599,7 +6583,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61538r925605_fix">Modify "/etc/fstab" to use the "nodev" option on the "/var/log/audit" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61538r925605_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257873" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257873" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6621,7 +6605,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61539r925608_fix">Modify "/etc/fstab" to use the "noexec" option on the "/var/log/audit" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61539r925608_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257874" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257874" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6643,7 +6627,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61540r925611_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/var/log/audit" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61540r925611_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257875" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257875" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6667,7 +6651,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61541r925614_fix">Modify "/etc/fstab" to use the "nodev" option on the "/var/tmp" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61541r925614_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257876" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257876" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6689,7 +6673,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61542r925617_fix">Modify "/etc/fstab" to use the "noexec" option on the "/var/tmp" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61542r925617_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257877" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257877" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6711,7 +6695,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61543r925620_fix">Modify "/etc/fstab" to use the "nosuid" option on the "/var/tmp" directory.</xccdf:fixtext>
           <xccdf:fix id="F-61543r925620_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257878" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257878" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6740,14 +6724,14 @@ install cramfs /bin/false
 blacklist cramfs</xccdf:fixtext>
           <xccdf:fix id="F-61545r1044950_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257880" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257880" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257881">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257881r991589_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257881r1155663_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-231200</xccdf:version>
           <xccdf:title>RHEL 9 must prevent special devices on non-root local partitions.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
@@ -6764,7 +6748,7 @@ The only legitimate location for device files is the "/dev" directory located on
           <xccdf:fixtext fixref="F-61546r925629_fix">Configure the "/etc/fstab" to use the "nodev" option on all non-root local partitions.</xccdf:fixtext>
           <xccdf:fix id="F-61546r925629_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257881" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257881" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6792,7 +6776,7 @@ Run the following command, replacing "[FILE]" with any system command with a mod
 $ sudo chmod 755 [FILE]</xccdf:fixtext>
           <xccdf:fix id="F-61547r925632_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257882" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257882" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6820,7 +6804,7 @@ Run the following command, replacing "[DIRECTORY]" with any library directory wi
 $ sudo chmod 755 [DIRECTORY]</xccdf:fixtext>
           <xccdf:fix id="F-61548r925635_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257883" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257883" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6846,7 +6830,7 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 $ sudo find /lib /lib64 /usr/lib /usr/lib64 -type f -name '*.so*' -perm /022 -exec chmod go-w {} +</xccdf:fixtext>
           <xccdf:fix id="F-61549r1106305_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257884" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257884" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6872,7 +6856,7 @@ The structure and content of error messages must be carefully considered by the
 $ sudo chmod 0755 /var/log</xccdf:fixtext>
           <xccdf:fix id="F-61550r925641_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257885" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257885" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6898,7 +6882,7 @@ The structure and content of error messages must be carefully considered by the
 $ sudo chmod 0640 /var/log/messages</xccdf:fixtext>
           <xccdf:fix id="F-61551r925644_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257886" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257886" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6928,7 +6912,7 @@ $ sudo chmod 0755 [audit_tool]
 Replace "[audit_tool]" with each audit tool that has a more permissive mode than 0755.</xccdf:fixtext>
           <xccdf:fix id="F-61552r925647_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257887" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257887" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6954,7 +6938,7 @@ Note: The example will be for the wadea user, who has a home directory of "/home
 $ sudo chmod 0740 /home/wadea/.&lt;INIT_FILE&gt;</xccdf:fixtext>
           <xccdf:fix id="F-61554r925653_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257889" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257889" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -6980,7 +6964,7 @@ Note: The example will be for the user "wadea".
 $ sudo chmod 0750 /home/wadea</xccdf:fixtext>
           <xccdf:fix id="F-61555r925656_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257890" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257890" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7004,7 +6988,7 @@ $ sudo chmod 0750 /home/wadea</xccdf:fixtext>
 $ sudo chmod 0644 /etc/group</xccdf:fixtext>
           <xccdf:fix id="F-61556r925659_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257891" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257891" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7028,7 +7012,7 @@ $ sudo chmod 0644 /etc/group</xccdf:fixtext>
 $ sudo chmod 0644 /etc/group-</xccdf:fixtext>
           <xccdf:fix id="F-61557r925662_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257892" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257892" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7052,7 +7036,7 @@ $ sudo chmod 0644 /etc/group-</xccdf:fixtext>
 $ sudo chmod 0000 /etc/gshadow</xccdf:fixtext>
           <xccdf:fix id="F-61558r925665_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257893" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257893" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7076,7 +7060,7 @@ $ sudo chmod 0000 /etc/gshadow</xccdf:fixtext>
 $ sudo chmod 0000 /etc/gshadow-</xccdf:fixtext>
           <xccdf:fix id="F-61559r925668_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257894" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257894" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7100,7 +7084,7 @@ $ sudo chmod 0000 /etc/gshadow-</xccdf:fixtext>
 $ sudo chmod 0644 /etc/passwd</xccdf:fixtext>
           <xccdf:fix id="F-61560r925671_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257895" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257895" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7124,7 +7108,7 @@ $ sudo chmod 0644 /etc/passwd</xccdf:fixtext>
 $ sudo chmod 0644 /etc/passwd-</xccdf:fixtext>
           <xccdf:fix id="F-61561r925674_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257896" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257896" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7148,7 +7132,7 @@ $ sudo chmod 0644 /etc/passwd-</xccdf:fixtext>
 $ sudo chmod 0000 /etc/shadow-</xccdf:fixtext>
           <xccdf:fix id="F-61562r925677_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257897" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257897" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7172,7 +7156,7 @@ $ sudo chmod 0000 /etc/shadow-</xccdf:fixtext>
 $ sudo chown root /etc/group</xccdf:fixtext>
           <xccdf:fix id="F-61563r925680_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257898" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257898" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7196,7 +7180,7 @@ $ sudo chown root /etc/group</xccdf:fixtext>
 $ sudo chgrp root /etc/group</xccdf:fixtext>
           <xccdf:fix id="F-61564r925683_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257899" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257899" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7220,7 +7204,7 @@ $ sudo chgrp root /etc/group</xccdf:fixtext>
 $ sudo chown root /etc/group-</xccdf:fixtext>
           <xccdf:fix id="F-61565r925686_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257900" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257900" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7244,7 +7228,7 @@ $ sudo chown root /etc/group-</xccdf:fixtext>
 $ sudo chgrp root /etc/group-</xccdf:fixtext>
           <xccdf:fix id="F-61566r925689_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257901" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257901" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7268,7 +7252,7 @@ $ sudo chgrp root /etc/group-</xccdf:fixtext>
 $ sudo chown root /etc/gshadow</xccdf:fixtext>
           <xccdf:fix id="F-61567r925692_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257902" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257902" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7292,7 +7276,7 @@ $ sudo chown root /etc/gshadow</xccdf:fixtext>
 $ sudo chgrp root /etc/gshadow</xccdf:fixtext>
           <xccdf:fix id="F-61568r925695_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257903" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257903" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7316,7 +7300,7 @@ $ sudo chgrp root /etc/gshadow</xccdf:fixtext>
 $ sudo chown root /etc/gshadow-</xccdf:fixtext>
           <xccdf:fix id="F-61569r925698_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257904" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257904" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7340,7 +7324,7 @@ $ sudo chown root /etc/gshadow-</xccdf:fixtext>
 $ sudo chgrp root /etc/gshadow-</xccdf:fixtext>
           <xccdf:fix id="F-61570r925701_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257905" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257905" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7364,7 +7348,7 @@ $ sudo chgrp root /etc/gshadow-</xccdf:fixtext>
 $ sudo chown root /etc/passwd</xccdf:fixtext>
           <xccdf:fix id="F-61571r925704_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257906" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257906" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7388,7 +7372,7 @@ $ sudo chown root /etc/passwd</xccdf:fixtext>
 $ sudo chgrp root /etc/passwd</xccdf:fixtext>
           <xccdf:fix id="F-61572r925707_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257907" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257907" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7412,7 +7396,7 @@ $ sudo chgrp root /etc/passwd</xccdf:fixtext>
 $ sudo chown root /etc/passwd-</xccdf:fixtext>
           <xccdf:fix id="F-61573r925710_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257908" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257908" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7436,7 +7420,7 @@ $ sudo chown root /etc/passwd-</xccdf:fixtext>
 $ sudo chgrp root /etc/passwd-</xccdf:fixtext>
           <xccdf:fix id="F-61574r925713_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257909" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257909" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7460,7 +7444,7 @@ $ sudo chgrp root /etc/passwd-</xccdf:fixtext>
 $ sudo chown root /etc/shadow</xccdf:fixtext>
           <xccdf:fix id="F-61575r925716_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257910" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257910" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7484,7 +7468,7 @@ $ sudo chown root /etc/shadow</xccdf:fixtext>
 $ sudo chgrp root /etc/shadow</xccdf:fixtext>
           <xccdf:fix id="F-61576r925719_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257911" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257911" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7508,7 +7492,7 @@ $ sudo chgrp root /etc/shadow</xccdf:fixtext>
 $ sudo chown root /etc/shadow-</xccdf:fixtext>
           <xccdf:fix id="F-61577r925722_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257912" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257912" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7532,7 +7516,7 @@ $ sudo chown root /etc/shadow-</xccdf:fixtext>
 $ sudo chgrp root /etc/shadow-</xccdf:fixtext>
           <xccdf:fix id="F-61578r925725_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257913" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257913" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7558,7 +7542,7 @@ The structure and content of error messages must be carefully considered by the
 $ sudo chown root /var/log</xccdf:fixtext>
           <xccdf:fix id="F-61579r925728_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257914" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257914" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7584,7 +7568,7 @@ The structure and content of error messages must be carefully considered by the
 $ sudo chgrp root /var/log</xccdf:fixtext>
           <xccdf:fix id="F-61580r925731_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257915" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257915" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7610,7 +7594,7 @@ The structure and content of error messages must be carefully considered by the
 $ sudo chown root /var/log/messages</xccdf:fixtext>
           <xccdf:fix id="F-61581r925734_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257916" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257916" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7636,7 +7620,7 @@ The structure and content of error messages must be carefully considered by the
 $ sudo chgrp root /var/log/messages</xccdf:fixtext>
           <xccdf:fix id="F-61582r925737_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257917" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257917" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7664,7 +7648,7 @@ Run the following command, replacing "[FILE]" with any system command file not o
 $ sudo chown root [FILE]</xccdf:fixtext>
           <xccdf:fix id="F-61583r925740_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257918" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257918" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7692,7 +7676,7 @@ Run the following command, replacing "[FILE]" with any system command file not g
 $ sudo chgrp root [FILE]</xccdf:fixtext>
           <xccdf:fix id="F-61584r925743_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257919" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257919" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7718,7 +7702,7 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 $ sudo find /lib /lib64 /usr/lib /usr/lib64 -type f -name '*.so*' ! -user root -exec chown root {} +</xccdf:fixtext>
           <xccdf:fix id="F-61585r1101925_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257920" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257920" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7744,7 +7728,7 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 $ sudo find /lib /lib64 /usr/lib /usr/lib64 -type f -name '*.so*' ! -group root -exec chown :root {} +</xccdf:fixtext>
           <xccdf:fix id="F-61586r1106307_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257921" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257921" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7772,7 +7756,7 @@ Run the following command, replacing "[DIRECTORY]" with any library directory no
 $ sudo chown root [DIRECTORY]</xccdf:fixtext>
           <xccdf:fix id="F-61587r1044987_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257922" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257922" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7800,7 +7784,7 @@ Run the following command, replacing "[DIRECTORY]" with any library directory no
 $ sudo chgrp root [DIRECTORY]</xccdf:fixtext>
           <xccdf:fix id="F-61588r1044990_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257923" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257923" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7830,7 +7814,7 @@ $ sudo chown root [audit_tool]
 Replace "[audit_tool]" with each audit tool not owned by "root".</xccdf:fixtext>
           <xccdf:fix id="F-61589r925758_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257924" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257924" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7860,7 +7844,7 @@ $ sudo chgrp root [audit_tool]
 Replace "[audit_tool]" with each audit tool not group-owned by "root".</xccdf:fixtext>
           <xccdf:fix id="F-61590r925761_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257925" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257925" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7884,7 +7868,7 @@ Replace "[audit_tool]" with each audit tool not group-owned by "root".</xccdf:fi
 $ sudo chown root [cron config file]</xccdf:fixtext>
           <xccdf:fix id="F-61591r925764_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257926" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257926" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7908,7 +7892,7 @@ $ sudo chown root [cron config file]</xccdf:fixtext>
 $ sudo chgrp root [cron config file]</xccdf:fixtext>
           <xccdf:fix id="F-61592r925767_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257927" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257927" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7932,7 +7916,7 @@ $ sudo chgrp root [cron config file]</xccdf:fixtext>
 $ sudo chmod 0000 /etc/shadow</xccdf:fixtext>
           <xccdf:fix id="F-61599r925788_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257934" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257934" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7966,7 +7950,7 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000297-GPOS-00115, SRG-OS-000298-GPO
 $ sudo dnf install firewalld</xccdf:fixtext>
           <xccdf:fix id="F-61600r925791_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257935" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257935" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -7999,7 +7983,7 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000297-GPOS-00115, SRG-OS-000480-GPO
 $ sudo systemctl enable --now firewalld</xccdf:fixtext>
           <xccdf:fix id="F-61601r925794_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257936" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257936" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8027,7 +8011,7 @@ FirewallBackend=nftables
 Establish rate-limiting rules based on organization-defined types of DoS attacks on impacted network interfaces.</xccdf:fixtext>
           <xccdf:fix id="F-61604r1044996_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257939" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257939" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8055,21 +8039,21 @@ Set the promiscuous mode of an interface to off with the following command:
 $ sudo ip link set dev &lt;devicename&gt; multicast off promisc off</xccdf:fixtext>
           <xccdf:fix id="F-61606r925809_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257941" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257941" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257942">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257942r1106314_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257942r1155718_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-251045</xccdf:version>
           <xccdf:title>RHEL 9 must enable hardening for the Berkeley Packet Filter just-in-time compiler.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
 Enabling hardening for the Berkeley Packet Filter (BPF) Just-in-time (JIT) compiler aids in mitigating JIT spraying attacks. Setting the value to "2" enables JIT hardening for all users.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8085,24 +8069,21 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61607r1106313_fix">Configure RHEL 9 to enable hardening for the BPF JIT compiler by adding the following line to a file, in the "/etc/sysctl.d" directory:
+          <xccdf:fixtext fixref="F-61607r1155717_fix">Configure RHEL 9 to enable hardening for the BPF JIT compiler.
 
-net.core.bpf_jit_harden = 2
+Create the drop-in file if it does not already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+$ sudo vi /etc/sysctl.d/99-net_core-bpf_jit_harden.conf
+
+Add the following line to the file:
+net.core.bpf_jit_harden = 2
 
-The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61607r1106313_fix" />
+          <xccdf:fix id="F-61607r1155717_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257942" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257942" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8127,7 +8108,7 @@ $ sudo sysctl --system</xccdf:fixtext>
 $ sudo dnf install chrony</xccdf:fixtext>
           <xccdf:fix id="F-61608r925815_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257943" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257943" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8154,7 +8135,7 @@ Synchronizing internal information system clocks provides uniformity of time sta
 $ sudo systemctl enable --now chronyd</xccdf:fixtext>
           <xccdf:fix id="F-61609r925818_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257944" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257944" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8181,7 +8162,7 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049&lt;/VulnDiscussion
 port 0</xccdf:fixtext>
           <xccdf:fix id="F-61611r925824_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257946" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257946" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8208,7 +8189,7 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049&lt;/VulnDiscussion
 cmdport 0</xccdf:fixtext>
           <xccdf:fix id="F-61612r925827_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257947" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257947" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8243,7 +8224,7 @@ $ nmcli connection modify [connection name] ipv4.dns [name server 1],[name serve
 Replace [name server 1] and [name server 2] with the IPs of two different DNS resolvers. Replace [connection name] with a valid NetworkManager connection name on the system. Replace ipv4 with ipv6 if IPv6 DNS servers are used.</xccdf:fixtext>
           <xccdf:fix id="F-61613r1045003_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257948" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257948" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8280,7 +8261,7 @@ NetworkManager must be reloaded for the change to take effect.
 $ sudo systemctl reload NetworkManager</xccdf:fixtext>
           <xccdf:fix id="F-61614r1134912_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257949" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257949" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8305,7 +8286,7 @@ $ sudo systemctl reload NetworkManager</xccdf:fixtext>
 $ sudo postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'</xccdf:fixtext>
           <xccdf:fix id="F-61616r925839_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257951" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257951" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8337,7 +8318,7 @@ Then, run the following command:
 $ sudo newaliases</xccdf:fixtext>
           <xccdf:fix id="F-61618r925845_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257953" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257953" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8363,7 +8344,7 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061&lt;/VulnDiscussion
 $ sudo dnf install libreswan</xccdf:fixtext>
           <xccdf:fix id="F-61619r925848_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257954" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257954" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8387,7 +8368,7 @@ $ sudo dnf install libreswan</xccdf:fixtext>
 $ sudo rm /[path]/[to]/[file]/shosts.equiv</xccdf:fixtext>
           <xccdf:fix id="F-61620r925851_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257955" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257955" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -8411,14 +8392,14 @@ $ sudo rm /[path]/[to]/[file]/shosts.equiv</xccdf:fixtext>
 $ sudo rm /[path]/[to]/[file]/.shosts</xccdf:fixtext>
           <xccdf:fix id="F-61621r925854_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257956" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257956" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257957">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257957r1106317_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257957r1155618_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253010</xccdf:version>
           <xccdf:title>RHEL 9 must be configured to use TCP syncookies.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
@@ -8429,7 +8410,7 @@ There may be shared resources with configurable protections (e.g., files in stor
 
 Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a nonprivileged user.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8448,38 +8429,33 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPO
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001095</xccdf:ident>
           <xccdf:ident system="http://cyber.mil/cci">CCI-002385</xccdf:ident>
-          <xccdf:fixtext fixref="F-61622r1101958_fix">Configure RHEL 9 to use TCP syncookies.
+          <xccdf:fixtext fixref="F-61622r1155617_fix">Configure RHEL 9 to use TCP syncookies.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.tcp_syncookies = 1
+$ sudo vi /etc/sysctl.d/99-ipv4_tcp_syncookies.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.tcp_syncookies = 1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61622r1101958_fix" />
+          <xccdf:fix id="F-61622r1155617_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257957" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257957" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257958">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257958r1106319_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257958r1155721_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253015</xccdf:version>
           <xccdf:title>RHEL 9 must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8495,38 +8471,33 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61623r1101988_fix">Configure RHEL 9 to ignore IPv4 ICMP redirect messages.
+          <xccdf:fixtext fixref="F-61623r1155720_fix">Configure RHEL 9 to ignore IPv4 ICMP redirect messages.
 
-Add or edit the following line in a system configuration file, in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.all.accept_redirects = 0
+$ sudo vi /etc/sysctl.d/99-ipv4_accept_redirects.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.all.accept_redirects = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61623r1101988_fix" />
+          <xccdf:fix id="F-61623r1155720_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257958" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257958" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257959">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257959r1102024_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257959r1155724_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253020</xccdf:version>
           <xccdf:title>RHEL 9 must not forward Internet Protocol version 4 (IPv4) source-routed packets.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of which of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8542,33 +8513,28 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61624r1102023_fix">Configure RHEL 9 to not forward IPv4 source-routed packets.
+          <xccdf:fixtext fixref="F-61624r1155723_fix">Configure RHEL 9 to ignore IPv4 source-routed packets.
 
-Add or edit the following line in a system configuration file, in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.all.accept_source_route=0
+$ sudo vi /etc/sysctl.d/99-ipv4_accept_source.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.all.accept_source_route = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61624r1102023_fix" />
+          <xccdf:fix id="F-61624r1155723_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257959" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257959" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257960">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257960r1106321_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257960r1155727_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253025</xccdf:version>
           <xccdf:title>RHEL 9 must log IPv4 packets with impossible addresses.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
@@ -8581,7 +8547,7 @@ There may be shared resources with configurable protections (e.g., files in stor
 
 Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a nonprivileged user.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8597,25 +8563,28 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61625r1106320_fix">Configure RHEL 9 to log martian packets on IPv4 interfaces.
+          <xccdf:fixtext fixref="F-61625r1155726_fix">Configure RHEL 9 to log martian packets on IPv4 interfaces.
 
-Add or edit the following line in a single system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
+$ sudo vi /etc/sysctl.d/99-ipv4_log_martians.conf
+
+Add the following line to the file:
 net.ipv4.conf.all.log_martians=1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61625r1106320_fix" />
+          <xccdf:fix id="F-61625r1155726_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257960" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257960" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257961">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257961r1106323_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257961r1155730_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253030</xccdf:version>
           <xccdf:title>RHEL 9 must log IPv4 packets with impossible addresses by default.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
@@ -8628,7 +8597,7 @@ There may be shared resources with configurable protections (e.g., files in stor
 
 Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a nonprivileged user.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8644,30 +8613,33 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61626r1106322_fix">Configure RHEL 9 to log martian packets on IPv4 interfaces by default.
+          <xccdf:fixtext fixref="F-61626r1155729_fix">Configure RHEL 9 to log martian packets on IPv4 interfaces by default.
 
-Add or edit the following line in a single system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.default.log_martians = 1
+$ sudo vi /etc/sysctl.d/99-ipv4_log_martians.conf
 
-Load settings from all system configuration files with the following command:
+Add the following line to the file:
+net.ipv4.conf.default.log_martians=1
+
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61626r1106322_fix" />
+          <xccdf:fix id="F-61626r1155729_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257961" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257961" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257962">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257962r1106437_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257962r1155733_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253035</xccdf:version>
           <xccdf:title>RHEL 9 must use reverse path filtering on all IPv4 interfaces.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8683,38 +8655,35 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61627r1106324_fix">Configure RHEL 9 to use reverse path filtering on all IPv4 interfaces by adding the following line to a file in the "/etc/sysctl.d" directory:
+          <xccdf:fixtext fixref="F-61627r1155732_fix">Configure RHEL 9 to use reverse path filtering on all IPv4 interfaces.
 
-net.ipv4.conf.all.rp_filter = 1
+Create a configuration file if it does not already exist:
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+$ sudo vi /etc/sysctl.d/99-ipv4_rp_filter.conf
+
+Add the following line to the file:
+net.ipv4.conf.all.rp_filter = 1
 
-The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61627r1106324_fix" />
+          <xccdf:fix id="F-61627r1155732_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257962" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257962" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257963">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257963r1106328_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257963r1155736_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253040</xccdf:version>
           <xccdf:title>RHEL 9 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
 
 This feature of the IPv4 protocol has few legitimate uses. It must be disabled unless absolutely required.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8730,38 +8699,33 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61628r1106327_fix">Configure RHEL 9 to prevent IPv4 ICMP redirect messages from being accepted.
+          <xccdf:fixtext fixref="F-61628r1155735_fix">Configure RHEL 9 to prevent IPv4 ICMP redirect messages from being accepted.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.default.accept_redirects = 0
+$ sudo vi /etc/sysctl.d/99-ipv4_accept_redirects.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.default.accept_redirects = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61628r1106327_fix" />
+          <xccdf:fix id="F-61628r1155735_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257963" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257963" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257964">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257964r1106438_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257964r1155739_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253045</xccdf:version>
           <xccdf:title>RHEL 9 must not forward IPv4 source-routed packets by default.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8777,33 +8741,28 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61629r1106330_fix">Configure RHEL 9 to not forward IPv4 source-routed packets by default.
+          <xccdf:fixtext fixref="F-61629r1155738_fix">Configure RHEL 9 to not forward IPv4 source-routed packets by default.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.default.accept_source_route=0
+$ sudo vi /etc/sysctl.d/99-ipv4_accept_source_route.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.default.accept_source_route = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61629r1106330_fix" />
+          <xccdf:fix id="F-61629r1155738_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257964" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257964" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257965">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257965r1106333_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257965r1155646_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253050</xccdf:version>
           <xccdf:title>RHEL 9 must use a reverse-path filter for IPv4 network traffic when possible by default.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.
@@ -8824,25 +8783,28 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61630r1106332_fix">Configure RHEL 9 to use reverse path filtering on IPv4 interfaces by default.
+          <xccdf:fixtext fixref="F-61630r1155645_fix">Configure RHEL 9 to use reverse path filtering on IPv4 interfaces by default.
+
+Create a configuration file if it does not already exist:
 
-Add or edit the following line in a single system configuration file in the "/etc/sysctl.d/" directory:
+$ sudo vi /etc/sysctl.d/ipv4_rp_filter.conf
 
+Add the following line to the file:
 net.ipv4.conf.default.rp_filter = 1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61630r1106332_fix" />
+          <xccdf:fix id="F-61630r1155645_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257965" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257965" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257966">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257966r1106440_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257966r1155742_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253055</xccdf:version>
           <xccdf:title>RHEL 9 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.
@@ -8851,7 +8813,7 @@ Ignoring ICMP echo requests (pings) sent to broadcast or multicast addresses mak
 
 There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). IPv6 does not implement the same method of broadcast as IPv4. Instead, IPv6 uses multicast addressing to the all-hosts multicast group. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8867,38 +8829,33 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61631r1106334_fix">Configure RHEL 9 to not respond to IPv4 ICMP echoes sent to a broadcast address.
+          <xccdf:fixtext fixref="F-61631r1155741_fix">Configure RHEL 9 to ignore IPv4 ICMP echoes sent to a broadcast address.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.icmp_echo_ignore_broadcasts=1
+$ sudo vi /etc/sysctl.d/ipv4_icmp_echo_ignore_broadcasts.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.icmp_echo_ignore_broadcasts = 1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61631r1106334_fix" />
+          <xccdf:fix id="F-61631r1155741_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257966" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257966" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257967">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257967r1106337_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257967r1155745_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253060</xccdf:version>
           <xccdf:title>RHEL 9 must limit the number of bogus Internet Control Message Protocol (ICMP) response errors logs.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Some routers will send responses to broadcast frames that violate RFC-1122, which fills up a log file system with many useless error messages. An attacker may take advantage of this and attempt to flood the logs with bogus error logs. Ignoring bogus ICMP error responses reduces log size, although some activity would not be logged.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8914,32 +8871,35 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61632r1106336_fix">Configure RHEL 9 to not log bogus ICMP errors: 
+          <xccdf:fixtext fixref="F-61632r1155744_fix">Configure RHEL 9 to not log bogus ICMP errors:
 
-Add or edit the following line in a single system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
+$ sudo vi /etc/sysctl.d/ipv4_icmp_ignore_bogus_error_responses.conf
+
+Add the following line to the file:
 net.ipv4.icmp_ignore_bogus_error_responses = 1
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61632r1106336_fix" />
+          <xccdf:fix id="F-61632r1155744_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257967" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257967" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257968">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257968r1106339_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257968r1155748_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253065</xccdf:version>
           <xccdf:title>RHEL 9 must not send Internet Control Message Protocol (ICMP) redirects.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology.
 
 The ability to send ICMP redirects is only appropriate for systems acting as routers.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -8955,70 +8915,75 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61633r1106338_fix">Configure RHEL 9 to not allow interfaces to perform IPv4 ICMP redirects.
+          <xccdf:fixtext fixref="F-61633r1155747_fix">Configure RHEL 9 to not allow interfaces to perform IPv4 ICMP redirects.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.all.send_redirects=0
+$ sudo vi /etc/sysctl.d/ipv4_send_redirects.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.all.send_redirects = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61633r1106338_fix" />
+          <xccdf:fix id="F-61633r1155747_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257968" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257968" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257969">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257969r991589_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257969r1155623_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253070</xccdf:version>
           <xccdf:title>RHEL 9 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</xccdf:title>
-          <xccdf:description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology.
+          <xccdf:description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology. The ability to send ICMP redirects is only appropriate for systems acting as routers.
 
-The ability to send ICMP redirects is only appropriate for systems acting as routers.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
-          <xccdf:reference>
-            <dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title>
-            <dc:publisher>DISA</dc:publisher>
-            <dc:type>DPMS Target</dc:type>
-            <dc:subject>Red Hat Enterprise Linux 9</dc:subject>
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
+          <xccdf:reference>
+            <dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title>
+            <dc:publisher>DISA</dc:publisher>
+            <dc:type>DPMS Target</dc:type>
+            <dc:subject>Red Hat Enterprise Linux 9</dc:subject>
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61634r925893_fix">Configure RHEL 9 to not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
+          <xccdf:fixtext fixref="F-61634r1155622_fix">Configure RHEL 9 to not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
 
-Add or edit the following line in a single system configuration file, in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
+$ sudo vi /etc/sysctl.d/ipv4_send_redirect.conf
+
+Add the following line to the file:
 net.ipv4.conf.default.send_redirects = 0
 
 Load settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61634r925893_fix" />
+          <xccdf:fix id="F-61634r1155622_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257969" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257969" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257970">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257970r1106442_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257970r1155751_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-253075</xccdf:version>
           <xccdf:title>RHEL 9 must not enable IPv4 packet forwarding unless the system is a router.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this capability is used when not required, system network information may be unnecessarily transmitted across the network.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -9034,40 +8999,35 @@ The sysctl --system command will load settings from all system configuration fil
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61635r1106341_fix">Configure RHEL 9 to not allow IPv4 packet forwarding, unless the system is a router.
+          <xccdf:fixtext fixref="F-61635r1155750_fix">Configure RHEL 9 to not allow IPv4 packet forwarding, unless the system is a router.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv4.conf.all.forwarding=0
+$ sudo vi /etc/sysctl.d/ipv4_forwarding.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv4.conf.all.forwarding = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61635r1106341_fix" />
+          <xccdf:fix id="F-61635r1155750_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257970" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257970" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257971">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257971r1106444_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257971r1155754_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-254010</xccdf:version>
           <xccdf:title>RHEL 9 must not accept router advertisements on all IPv6 interfaces.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
 
 An illicit router advertisement message could result in a man-in-the-middle attack.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -9084,38 +9044,33 @@ The sysctl --system command will load settings from all system configuration fil
           </xccdf:reference>
           <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxIPv6enabled" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61636r1106343_fix">Configure RHEL 9 to not accept router advertisements on all IPv6 interfaces unless the system is a router.
+          <xccdf:fixtext fixref="F-61636r1155753_fix">Configure RHEL 9 to not accept router advertisements on all IPv6 interfaces unless the system is a router.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.all.accept_ra=0
+$ sudo vi /etc/sysctl.d/ipv4_accept_ra.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.all.accept_ra = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61636r1106343_fix" />
+          <xccdf:fix id="F-61636r1155753_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257971" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257971" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257972">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257972r1106446_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257972r1155757_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-254015</xccdf:version>
           <xccdf:title>RHEL 9 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -9132,38 +9087,33 @@ The sysctl --system command will load settings from all system configuration fil
           </xccdf:reference>
           <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxIPv6enabled" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61637r1106345_fix">Configure RHEL 9 to ignore IPv6 ICMP redirect messages.
+          <xccdf:fixtext fixref="F-61637r1155756_fix">Configure RHEL 9 to ignore IPv6 ICMP redirect messages.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.all.accept_redirects = 0
+$ sudo vi /etc/sysctl.d/ipv6_accept_redirects.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.all.accept_redirects = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61637r1106345_fix" />
+          <xccdf:fix id="F-61637r1155756_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257972" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257972" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257973">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257973r1106448_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257973r1155760_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-254020</xccdf:version>
           <xccdf:title>RHEL 9 must not forward IPv6 source-routed packets.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -9180,38 +9130,33 @@ The sysctl --system command will load settings from all system configuration fil
           </xccdf:reference>
           <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxIPv6enabled" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61638r1106347_fix">Configure RHEL 9 to not forward IPv6 source-routed packets.
+          <xccdf:fixtext fixref="F-61638r1155759_fix">Configure RHEL 9 to not accept IPv6 source-routed packets.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.all.accept_source_route=0
+$ sudo vi /etc/sysctl.d/ipv6_accept_source_route.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.all.accept_source_route = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61638r1106347_fix" />
+          <xccdf:fix id="F-61638r1155759_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257973" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257973" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257974">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257974r1106450_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257974r1155763_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-254025</xccdf:version>
           <xccdf:title>RHEL 9 must not enable IPv6 packet forwarding unless the system is a router.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -9228,38 +9173,33 @@ The sysctl --system command will load settings from all system configuration fil
           </xccdf:reference>
           <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxIPv6enabled" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61639r1106349_fix">Configure RHEL 9 to not allow IPv6 packet forwarding, unless the system is a router.
+          <xccdf:fixtext fixref="F-61639r1155762_fix">Configure RHEL 9 to not allow IPv6 packet forwarding, unless the system is a router.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.all.forwarding=0
+$ sudo vi /etc/sysctl.d/ipv6_forwarding.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.all.forwarding = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61639r1106349_fix" />
+          <xccdf:fix id="F-61639r1155762_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257974" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257974" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257975">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257975r1106452_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257975r1155766_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-254030</xccdf:version>
           <xccdf:title>RHEL 9 must not accept router advertisements on all IPv6 interfaces by default.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network. An illicit router advertisement message could result in a man-in-the-middle attack.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -9276,38 +9216,33 @@ The sysctl --system command will load settings from all system configuration fil
           </xccdf:reference>
           <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxIPv6enabled" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61640r1106351_fix">Configure RHEL 9 to not accept router advertisements on all IPv6 interfaces by default unless the system is a router.
+          <xccdf:fixtext fixref="F-61640r1155765_fix">Configure RHEL 9 to not accept router advertisements on all IPv6 interfaces by default unless the system is a router.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.default.accept_ra=0
+$ sudo vi /etc/sysctl.d/ipv6_accept_ra.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.default.accept_ra = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61640r1106351_fix" />
+          <xccdf:fix id="F-61640r1155765_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257975" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257975" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257976">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257976r1106454_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257976r1155769_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-254035</xccdf:version>
           <xccdf:title>RHEL 9 must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -9324,40 +9259,35 @@ The sysctl --system command will load settings from all system configuration fil
           </xccdf:reference>
           <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxIPv6enabled" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61641r1106353_fix">Configure RHEL 9 to prevent IPv6 ICMP redirect messages from being accepted.
+          <xccdf:fixtext fixref="F-61641r1155768_fix">Configure RHEL 9 to prevent IPv6 ICMP redirect messages from being accepted.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.default.accept_redirects = 0
+$ sudo vi /etc/sysctl.d/ipv6_accept_redirects.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.default.accept_redirects = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61641r1106353_fix" />
+          <xccdf:fix id="F-61641r1155768_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257976" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257976" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-257977">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257977r1106456_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-257977r1155772_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-254040</xccdf:version>
           <xccdf:title>RHEL 9 must not forward IPv6 source-routed packets by default.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
 
 Accepting source-routed packets in the IPv6 protocol has few legitimate uses. It must be disabled unless it is absolutely required.
 
-The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographical order, regardless of the directories in which they reside. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
 
 /etc/sysctl.d/*.conf
 /run/sysctl.d/*.conf
@@ -9374,26 +9304,21 @@ The sysctl --system command will load settings from all system configuration fil
           </xccdf:reference>
           <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxIPv6enabled" />
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61642r1106355_fix">Configure RHEL 9 to not forward IPv6 source-routed packets by default.
+          <xccdf:fixtext fixref="F-61642r1155771_fix">Configure RHEL 9 to not accept IPv6 source-routed packets by default.
 
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Create a configuration file if it does not already exist:
 
-net.ipv6.conf.default.accept_source_route=0
+$ sudo vi /etc/sysctl.d/ipv6_accept_source_route.conf
 
-Remove any configurations that conflict with the above from the following locations: 
-/run/sysctl.d/*.conf
-/usr/local/lib/sysctl.d/*.conf
-/usr/lib/sysctl.d/*.conf
-/lib/sysctl.d/*.conf
-/etc/sysctl.conf
-/etc/sysctl.d/*.conf
+Add the following line to the file:
+net.ipv6.conf.default.accept_source_route = 0
 
-Load settings from all system configuration files with the following command:
+Reload settings from all system configuration files with the following command:
 
 $ sudo sysctl --system</xccdf:fixtext>
-          <xccdf:fix id="F-61642r1106355_fix" />
+          <xccdf:fix id="F-61642r1155771_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257977" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257977" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9426,7 +9351,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPO
 $ sudo dnf install openssh-server</xccdf:fixtext>
           <xccdf:fix id="F-61643r925920_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257978" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257978" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9459,7 +9384,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPO
 $ systemctl enable --now sshd</xccdf:fixtext>
           <xccdf:fix id="F-61644r925923_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257979" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257979" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9483,7 +9408,7 @@ $ systemctl enable --now sshd</xccdf:fixtext>
 $ sudo dnf install openssh-clients</xccdf:fixtext>
           <xccdf:fix id="F-61645r1045015_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257980" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257980" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9518,7 +9443,7 @@ An example configuration line is:
 Banner /etc/issue</xccdf:fixtext>
           <xccdf:fix id="F-61646r1045018_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257981" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257981" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9546,7 +9471,7 @@ Restart the SSH daemon for the settings to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61647r1045020_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257982" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257982" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9579,7 +9504,7 @@ Restart the SSH daemon for the settings to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61648r1045023_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257983" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257983" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9609,7 +9534,7 @@ Restart the SSH daemon for the settings to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61649r1045025_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257984" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257984" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9640,7 +9565,7 @@ Restart the SSH daemon for the settings to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61650r1045027_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257985" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257985" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9668,7 +9593,7 @@ Restart the SSH daemon for the settings to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61651r1045029_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257986" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257986" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9708,7 +9633,7 @@ Setting system policy to FIPS
 Note: Systemwide crypto policies are applied on application startup. It is recommended to restart the system for the change of policies to fully take place.</xccdf:fixtext>
           <xccdf:fix id="F-61654r1051239_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257989" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257989" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9748,7 +9673,7 @@ Setting system policy to FIPS
 Note: Systemwide crypto policies are applied on application startup. It is recommended to restart the system for the change of policies to fully take place.</xccdf:fixtext>
           <xccdf:fix id="F-61656r1051245_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257991" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257991" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9776,7 +9701,7 @@ Restart the SSH daemon for the settings to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61657r1045046_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257992" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257992" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9804,7 +9729,7 @@ Restart the SSH daemon  for the setting to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61658r1045048_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257993" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257993" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9842,7 +9767,7 @@ Restart the SSH daemon for the settings to take effect.
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61659r1045050_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257994" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257994" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9881,7 +9806,7 @@ For the changes to take effect, the SSH daemon must be restarted.
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61660r1045052_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257995" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257995" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9921,7 +9846,7 @@ For the changes to take effect, the SSH daemon must be restarted.
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61661r1045054_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257996" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257996" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9945,7 +9870,7 @@ $ sudo systemctl restart sshd.service</xccdf:fixtext>
 $ sudo chgrp root /etc/ssh/sshd_config /etc/ssh/sshd_config.d</xccdf:fixtext>
           <xccdf:fix id="F-61662r1069369_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257997" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257997" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9969,7 +9894,7 @@ $ sudo chgrp root /etc/ssh/sshd_config /etc/ssh/sshd_config.d</xccdf:fixtext>
 $ sudo chown -R root /etc/ssh/sshd_config /etc/ssh/sshd_config.d</xccdf:fixtext>
           <xccdf:fix id="F-61663r1082180_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257998" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:257998" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -9997,7 +9922,7 @@ Restart the SSH daemon for the changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61665r925986_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258000" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258000" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10025,17 +9950,22 @@ Restart the SSH daemon for the changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61666r925989_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258001" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258001" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258002">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258002r991589_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258002r1155590_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-255130</xccdf:version>
           <xccdf:title>RHEL 9 SSH daemon must not allow compression or must only allow compression after successful authentication.</xccdf:title>
-          <xccdf:description>&lt;VulnDiscussion&gt;If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
+          <xccdf:description>&lt;VulnDiscussion&gt;If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.
+
+Compression options are:
+no - disables compression
+delayed - allow compression only after authentication
+yes - enables compression before authentication, which can leak sensitive metadata and is not recommended&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
           <xccdf:reference>
             <dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title>
             <dc:publisher>DISA</dc:publisher>
@@ -10055,7 +9985,7 @@ The SSH service must be restarted for changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61667r925992_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258002" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258002" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10087,7 +10017,7 @@ The SSH service must be restarted for changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61668r1045064_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258003" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258003" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10119,7 +10049,7 @@ The SSH service must be restarted for changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61669r1045066_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258004" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258004" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10149,7 +10079,7 @@ The SSH service must be restarted for changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61670r1045068_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258005" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258005" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10179,7 +10109,7 @@ The SSH service must be restarted for changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61671r1045070_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258006" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258006" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10209,7 +10139,7 @@ The SSH service must be restarted for changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61672r1045072_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258007" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258007" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10239,7 +10169,7 @@ The SSH service must be restarted for changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61673r1045074_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258008" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258008" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10269,7 +10199,7 @@ The SSH service must be restarted for changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61674r1045076_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258009" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258009" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10299,7 +10229,7 @@ The SSH service must be restarted for changes to take effect:
 $ sudo systemctl restart sshd.service</xccdf:fixtext>
           <xccdf:fix id="F-61676r1045078_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258011" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258011" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10345,7 +10275,7 @@ Run the following command to update the database:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61677r926022_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258012" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258012" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10389,7 +10319,7 @@ Run the following command to update the database:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61678r1045081_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258013" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258013" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10426,7 +10356,7 @@ Then update the dconf system databases:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61679r926028_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258014" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258014" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10460,41 +10390,7 @@ Then update the dconf system databases:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61680r926031_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258015" />
-          </xccdf:check>
-        </xccdf:Rule>
-      </xccdf:Group>
-      <xccdf:Group id="xccdf_mil.disa.stig_group_V-258017">
-        <xccdf:title>SRG-OS-000114-GPOS-00059</xccdf:title>
-        <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258017r1045088_rule" severity="medium" weight="10.0">
-          <xccdf:version>RHEL-09-271035</xccdf:version>
-          <xccdf:title>RHEL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function.</xccdf:title>
-          <xccdf:description>&lt;VulnDiscussion&gt;Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.
-
-Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
-          <xccdf:reference>
-            <dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title>
-            <dc:publisher>DISA</dc:publisher>
-            <dc:type>DPMS Target</dc:type>
-            <dc:subject>Red Hat Enterprise Linux 9</dc:subject>
-            <dc:identifier>5551</dc:identifier>
-          </xccdf:reference>
-          <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxGnome" />
-          <xccdf:ident system="http://cyber.mil/cci">CCI-000778</xccdf:ident>
-          <xccdf:ident system="http://cyber.mil/cci">CCI-001958</xccdf:ident>
-          <xccdf:fixtext fixref="F-61682r926037_fix">Configure the GNOME desktop to not allow a user to change the setting that disables autorun on removable media.
-
-Add the following line to "/etc/dconf/db/local.d/locks/00-security-settings-lock" to prevent user modification:
-
-/org/gnome/desktop/media-handling/autorun-never
-
-Then update the dconf system databases:
-
-$ sudo dconf update</xccdf:fixtext>
-          <xccdf:fix id="F-61682r926037_fix" />
-          <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258017" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258015" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10522,7 +10418,7 @@ Set AutomaticLoginEnable to false in the [daemon] section in /etc/gdm/custom.con
 AutomaticLoginEnable=false</xccdf:fixtext>
           <xccdf:fix id="F-61683r926040_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258018" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258018" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10566,7 +10462,7 @@ Then update the dconf system databases:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61684r926043_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258019" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258019" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10601,7 +10497,7 @@ Then update the dconf system databases:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61685r926046_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258020" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258020" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10646,47 +10542,7 @@ Run the following command to update the database:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61687r1045096_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258022" />
-          </xccdf:check>
-        </xccdf:Rule>
-      </xccdf:Group>
-      <xccdf:Group id="xccdf_mil.disa.stig_group_V-258023">
-        <xccdf:title>SRG-OS-000029-GPOS-00010</xccdf:title>
-        <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258023r958402_rule" severity="medium" weight="10.0">
-          <xccdf:version>RHEL-09-271065</xccdf:version>
-          <xccdf:title>RHEL 9 must automatically lock graphical user sessions after 15 minutes of inactivity.</xccdf:title>
-          <xccdf:description>&lt;VulnDiscussion&gt;A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, the GNOME desktop can be configured to identify when a user's session has idled and take action to initiate a session lock.
-
-Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
-          <xccdf:reference>
-            <dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title>
-            <dc:publisher>DISA</dc:publisher>
-            <dc:type>DPMS Target</dc:type>
-            <dc:subject>Red Hat Enterprise Linux 9</dc:subject>
-            <dc:identifier>5551</dc:identifier>
-          </xccdf:reference>
-          <xccdf:platform idref="#xccdf_mil.disa.stig_platform_LinuxGnome" />
-          <xccdf:ident system="http://cyber.mil/cci">CCI-000057</xccdf:ident>
-          <xccdf:ident system="http://cyber.mil/cci">CCI-000060</xccdf:ident>
-          <xccdf:fixtext fixref="F-61688r926055_fix">Configure RHEL 9 to initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.
-
-Create a database to contain the system-wide screensaver settings (if it does not already exist) with the following command:
-
-$ sudo touch /etc/dconf/db/local.d/00-screensaver
-
-Edit /etc/dconf/db/local.d/00-screensaver and add or update the following lines:
-
-[org/gnome/desktop/session]
-# Set the lock time out to 900 seconds before the session is considered idle
-idle-delay=uint32 900
-
-Update the system databases:
-
-$ sudo dconf update</xccdf:fixtext>
-          <xccdf:fix id="F-61688r926055_fix" />
-          <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258023" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258022" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10726,7 +10582,7 @@ Run the following command to update the database:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61689r1045099_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258024" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258024" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10763,7 +10619,7 @@ Run the following command to update the database:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61691r1045102_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258026" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258026" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10792,7 +10648,7 @@ Update the dconf system databases:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61694r1045108_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258029" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258029" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10827,7 +10683,7 @@ Run the following command to update the database:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61695r1045111_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258030" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258030" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10862,7 +10718,7 @@ Run the following command to update the database:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61697r1045116_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258032" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258032" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10897,7 +10753,7 @@ Update the system databases:
 $ sudo dconf update</xccdf:fixtext>
           <xccdf:fix id="F-61698r1045119_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258033" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258033" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10926,7 +10782,7 @@ install usb-storage /bin/false
 blacklist usb-storage</xccdf:fixtext>
           <xccdf:fix id="F-61699r1045122_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258034" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258034" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10962,7 +10818,7 @@ $ sudo systemctl status usbguard
 Note: usbguard will need to be configured to allow authorized devices once it is enabled on RHEL 9.</xccdf:fixtext>
           <xccdf:fix id="F-61700r1045124_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258035" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258035" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -10989,7 +10845,7 @@ The system administrator (SA) must work with the site information system securit
 $ sudo systemctl enable --now usbguard</xccdf:fixtext>
           <xccdf:fix id="F-61701r926094_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258036" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258036" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11031,7 +10887,7 @@ Add or edit the following line in /etc/usbguard/usbguard-daemon.conf
 AuditBackend=LinuxAudit</xccdf:fixtext>
           <xccdf:fix id="F-61702r926097_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258037" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258037" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11063,7 +10919,7 @@ blacklist bluetooth
 Reboot the system for the settings to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61704r1045130_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258039" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258039" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11092,7 +10948,7 @@ Add or modify the following line in the "/etc/login.defs" file:
 PASS_MAX_DAYS 60</xccdf:fixtext>
           <xccdf:fix id="F-61706r926109_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258041" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258041" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11117,7 +10973,7 @@ PASS_MAX_DAYS 60</xccdf:fixtext>
 passwd -x 60 [user]</xccdf:fixtext>
           <xccdf:fix id="F-61707r926112_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258042" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258042" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11141,7 +10997,7 @@ passwd -x 60 [user]</xccdf:fixtext>
 CREATE_HOME yes</xccdf:fixtext>
           <xccdf:fix id="F-61708r926115_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258043" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258043" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11167,7 +11023,7 @@ Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000121-GPOS-00062, SRG-OS-000042-GPO
           <xccdf:fixtext fixref="F-61710r926121_fix">Edit the file "/etc/passwd" and provide each interactive user account that has a duplicate UID with a unique UID.</xccdf:fixtext>
           <xccdf:fix id="F-61710r926121_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258045" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258045" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11199,7 +11055,7 @@ $ sudo usermod --shell /sbin/nologin &lt;user&gt;
 Do not perform the steps in this section on the root account. Doing so will cause the system to become inaccessible.</xccdf:fixtext>
           <xccdf:fix id="F-61711r926124_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258046" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258046" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11223,7 +11079,7 @@ Do not perform the steps in this section on the root account. Doing so will caus
 Edit the file "/etc/passwd" and ensure that every user's GID is a valid GID.</xccdf:fixtext>
           <xccdf:fix id="F-61713r926130_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258048" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258048" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11257,7 +11113,7 @@ $ sudo useradd -D -f 35
 The recommendation is 35 days, but a lower value is acceptable.</xccdf:fixtext>
           <xccdf:fix id="F-61714r926133_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258049" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258049" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11279,7 +11135,7 @@ The recommendation is 35 days, but a lower value is acceptable.</xccdf:fixtext>
           <xccdf:fixtext fixref="F-61716r926139_fix">Create and assign home directories to all local interactive users on RHEL 9 that currently do not have a home directory assigned.</xccdf:fixtext>
           <xccdf:fix id="F-61716r926139_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258051" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258051" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11308,7 +11164,7 @@ Add/modify the "/etc/security/faillock.conf" file to match the following line:
 deny = 3</xccdf:fixtext>
           <xccdf:fix id="F-61719r926148_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258054" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258054" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11339,7 +11195,7 @@ Edit the "/etc/security/faillock.conf" by uncommenting or adding the following l
 even_deny_root</xccdf:fixtext>
           <xccdf:fix id="F-61720r1045139_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258055" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258055" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11370,7 +11226,7 @@ Then edit the "/etc/security/faillock.conf" file as follows:
 fail_interval = 900</xccdf:fixtext>
           <xccdf:fix id="F-61721r1045142_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258056" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258056" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11401,7 +11257,7 @@ Edit the "/etc/security/faillock.conf" file as follows:
 unlock_time = 0</xccdf:fixtext>
           <xccdf:fix id="F-61722r1045145_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258057" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258057" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11425,7 +11281,7 @@ unlock_time = 0</xccdf:fixtext>
 If the account is associated with system commands or applications, the UID should be changed to one greater than "0" but less than "1000". Otherwise, assign a UID of greater than "1000" that has not already been assigned.</xccdf:fixtext>
           <xccdf:fix id="F-61724r926163_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258059" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258059" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11451,7 +11307,7 @@ Add/modify the "/etc/security/faillock.conf" file to match the following line:
 dir = /var/log/faillock</xccdf:fixtext>
           <xccdf:fix id="F-61725r926166_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258060" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258060" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11473,7 +11329,7 @@ dir = /var/log/faillock</xccdf:fixtext>
           <xccdf:fixtext fixref="F-61726r926169_fix">Edit the file "/etc/group" and provide each group that has a duplicate GID with a unique GID.</xccdf:fixtext>
           <xccdf:fix id="F-61726r926169_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258061" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258061" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11504,7 +11360,7 @@ Add or edit the following line in "/etc/profile.d/tmout.sh":
 declare -xr TMOUT=600</xccdf:fixtext>
           <xccdf:fix id="F-61733r1014871_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258068" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258068" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11532,7 +11388,7 @@ Add the following line to the top of the /etc/security/limits.conf or in a ".con
 * hard maxlogins 10</xccdf:fixtext>
           <xccdf:fix id="F-61734r926193_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258069" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258069" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11562,7 +11418,7 @@ Add/modify the "/etc/security/faillock.conf" file to match the following line:
 audit</xccdf:fixtext>
           <xccdf:fix id="F-61735r1045152_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258070" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258070" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11588,7 +11444,7 @@ Modify the "/etc/login.defs" file to set the "FAIL_DELAY" parameter to 4 or grea
 FAIL_DELAY 4</xccdf:fixtext>
           <xccdf:fix id="F-61736r926199_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258071" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258071" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11616,7 +11472,7 @@ Add or edit the lines for the "umask" parameter in the "/etc/bashrc" file to "07
 umask 077</xccdf:fixtext>
           <xccdf:fix id="F-61737r926202_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258072" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258072" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11644,7 +11500,7 @@ Add or edit the lines for the "umask" parameter in the "/etc/csh.cshrc" file to
 umask 077</xccdf:fixtext>
           <xccdf:fix id="F-61738r926205_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258073" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258073" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11670,7 +11526,7 @@ Add or edit the lines for the "UMASK" parameter in the "/etc/login.defs" file to
 UMASK 077</xccdf:fixtext>
           <xccdf:fix id="F-61739r926208_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258074" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258074" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11698,40 +11554,14 @@ Add or edit the lines for the "umask" parameter in the "/etc/profile" file to "0
 umask 077</xccdf:fixtext>
           <xccdf:fix id="F-61740r926211_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258075" />
-          </xccdf:check>
-        </xccdf:Rule>
-      </xccdf:Group>
-      <xccdf:Group id="xccdf_mil.disa.stig_group_V-258076">
-        <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
-        <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258076r991589_rule" severity="low" weight="10.0">
-          <xccdf:version>RHEL-09-412075</xccdf:version>
-          <xccdf:title>RHEL 9 must display the date and time of the last successful account logon upon logon.</xccdf:title>
-          <xccdf:description>&lt;VulnDiscussion&gt;Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
-          <xccdf:reference>
-            <dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title>
-            <dc:publisher>DISA</dc:publisher>
-            <dc:type>DPMS Target</dc:type>
-            <dc:subject>Red Hat Enterprise Linux 9</dc:subject>
-            <dc:identifier>5551</dc:identifier>
-          </xccdf:reference>
-          <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61741r926214_fix">Configure RHEL 9 to provide users with feedback on when account accesses last occurred by setting the required configuration options in "/etc/pam.d/postlogin". 
-
-Add the following line to the top of "/etc/pam.d/postlogin":
-
-session required pam_lastlog.so showfailed</xccdf:fixtext>
-          <xccdf:fix id="F-61741r926214_fix" />
-          <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258076" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258075" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258077">
         <xccdf:title>SRG-OS-000163-GPOS-00072</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258077r1014874_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258077r1155659_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-412080</xccdf:version>
           <xccdf:title>RHEL 9 must terminate idle user sessions.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
@@ -11743,16 +11573,24 @@ session required pam_lastlog.so showfailed</xccdf:fixtext>
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001133</xccdf:ident>
-          <xccdf:fixtext fixref="F-61742r1014873_fix">Configure RHEL 9 to log out idle sessions by editing the /etc/systemd/logind.conf file with the following line:
+          <xccdf:fixtext fixref="F-61742r1155658_fix">Configure RHEL 9 to log out idle sessions.
+
+Create the directory if necessary:
+
+$ mkdir -p /etc/systemd/logind.conf.d/
+
+Create a *.conf file in /etc/systemd/logind.conf.d/ with the following content:
 
-StopIdleSessionSec=900
+[Login]
+StopIdleSessionSec=600
+KillUserProcesses=no
 
-The "logind" service must be restarted for the changes to take effect. To restart the "logind" service, run the following command:
+Restart systemd-logind:
 
-$ sudo systemctl restart systemd-logind</xccdf:fixtext>
-          <xccdf:fix id="F-61742r1014873_fix" />
+$ systemctl restart systemd-logind</xccdf:fixtext>
+          <xccdf:fix id="F-61742r1155658_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258077" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258077" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11785,7 +11623,7 @@ Edit the file "/etc/selinux/config" and add or modify the following line:
 A reboot is required for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61743r926220_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258078" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258078" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11815,7 +11653,7 @@ Edit the file "/etc/selinux/config" and add or modify the following line:
 A reboot is required for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61744r926223_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258079" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258079" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11843,7 +11681,7 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068&lt;/VulnDiscussion
 $ sudo dnf install policycoreutils</xccdf:fixtext>
           <xccdf:fix id="F-61746r926229_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258081" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258081" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11867,7 +11705,7 @@ $ sudo dnf install policycoreutils</xccdf:fixtext>
 $ sudo dnf install policycoreutils-python-utils</xccdf:fixtext>
           <xccdf:fix id="F-61747r926232_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258082" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258082" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11891,7 +11729,7 @@ $ sudo dnf install policycoreutils-python-utils</xccdf:fixtext>
 $ sudo dnf install sudo</xccdf:fixtext>
           <xccdf:fix id="F-61748r926235_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258083" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258083" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11922,7 +11760,7 @@ Add the following line to "/etc/sudoers" or a file in "/etc/sudoers.d":
 Defaults timestamp_timeout=0</xccdf:fixtext>
           <xccdf:fix id="F-61749r1045170_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258084" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258084" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11948,7 +11786,7 @@ Defaults !rootpw
 Defaults !runaspw</xccdf:fixtext>
           <xccdf:fix id="F-61750r926241_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258085" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258085" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -11979,7 +11817,7 @@ Remove any occurrence of "!authenticate" found in "/etc/sudoers" file or files i
 $ sudo sed -i '/\!authenticate/ s/^/# /g' /etc/sudoers /etc/sudoers.d/*</xccdf:fixtext>
           <xccdf:fix id="F-61751r926244_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258086" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258086" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12004,14 +11842,14 @@ ALL     ALL=(ALL) ALL
 ALL     ALL=(ALL:ALL) ALL</xccdf:fixtext>
           <xccdf:fix id="F-61752r926247_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258087" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258087" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258088">
         <xccdf:title>SRG-OS-000373-GPOS-00156</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258088r1050789_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258088r1155643_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-432035</xccdf:version>
           <xccdf:title>RHEL 9 must restrict the use of the "su" command.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The "su" program allows to run commands with a substitute user and group ID. It is commonly used to run commands as the root user. Limiting access to such commands is considered a good security practice.
@@ -12038,7 +11876,7 @@ $ sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_whee
 If necessary, create a "wheel" group and add administrative users to the group.</xccdf:fixtext>
           <xccdf:fix id="F-61753r926250_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258088" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258088" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12073,7 +11911,7 @@ Satisfies: SRG-OS-000370-GPOS-00155, SRG-OS-000368-GPOS-00154&lt;/VulnDiscussion
 $ sudo dnf install fapolicyd</xccdf:fixtext>
           <xccdf:fix id="F-61754r926253_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258089" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258089" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12108,7 +11946,7 @@ Satisfies: SRG-OS-000370-GPOS-00155, SRG-OS-000368-GPOS-00154&lt;/VulnDiscussion
 $ systemctl enable --now fapolicyd</xccdf:fixtext>
           <xccdf:fix id="F-61755r926256_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258090" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258090" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12141,7 +11979,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 retry = 3</xccdf:fixtext>
           <xccdf:fix id="F-61756r1045184_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258091" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258091" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12169,7 +12007,7 @@ Otherwise, remove any instances of the "nullok" option in the "/etc/pam.d/passwo
 Note: Manual changes to the listed file may be overwritten by the "authselect" program.</xccdf:fixtext>
           <xccdf:fix id="F-61759r1045186_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258094" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258094" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12199,7 +12037,7 @@ Add the following line to the "/etc/pam.d/password-auth" file (or modify the lin
 password required pam_pwquality.so</xccdf:fixtext>
           <xccdf:fix id="F-61762r926277_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258097" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258097" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12225,7 +12063,7 @@ Add the following line to the "/etc/pam.d/system-auth" file(or modify the line t
 password required pam_pwquality.so</xccdf:fixtext>
           <xccdf:fix id="F-61763r926280_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258098" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258098" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12259,7 +12097,7 @@ password sufficient pam_unix.so sha512 rounds=100000
 Note: Running authselect will overwrite this value unless a custom authselect policy is created.</xccdf:fixtext>
           <xccdf:fix id="F-61764r1045197_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258099" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258099" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12293,7 +12131,7 @@ password sufficient pam_unix.so sha512 rounds=100000
 Note: Running authselect will overwrite this value unless a custom authselect policy is created.</xccdf:fixtext>
           <xccdf:fix id="F-61765r1045200_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258100" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258100" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12329,7 +12167,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 enforce_for_root</xccdf:fixtext>
           <xccdf:fix id="F-61766r1045203_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258101" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258101" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12358,7 +12196,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 lcredit = -1</xccdf:fixtext>
           <xccdf:fix id="F-61767r1045206_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258102" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258102" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12387,7 +12225,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 dcredit = -1</xccdf:fixtext>
           <xccdf:fix id="F-61768r1045209_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258103" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258103" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12416,7 +12254,7 @@ Add the following line in "/etc/login.defs" (or modify the line to have the requ
 PASS_MIN_DAYS 1</xccdf:fixtext>
           <xccdf:fix id="F-61769r926298_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258104" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258104" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12441,7 +12279,7 @@ PASS_MIN_DAYS 1</xccdf:fixtext>
 $ sudo passwd -n 1 [user]</xccdf:fixtext>
           <xccdf:fix id="F-61770r926301_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258105" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258105" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12472,7 +12310,7 @@ Remove any occurrence of "NOPASSWD" found in "/etc/sudoers" file or files in the
 $ sudo find /etc/sudoers /etc/sudoers.d -type f -exec sed -i '/NOPASSWD/ s/^/# /g' {} \;</xccdf:fixtext>
           <xccdf:fix id="F-61771r1045214_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258106" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258106" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12507,7 +12345,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 minlen = 15</xccdf:fixtext>
           <xccdf:fix id="F-61772r1045217_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258107" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258107" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12534,7 +12372,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 ocredit = -1</xccdf:fixtext>
           <xccdf:fix id="F-61774r1045219_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258109" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258109" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12560,7 +12398,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 dictcheck=1</xccdf:fixtext>
           <xccdf:fix id="F-61775r1045222_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258110" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258110" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12587,7 +12425,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 ucredit = -1</xccdf:fixtext>
           <xccdf:fix id="F-61776r1045225_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258111" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258111" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12616,7 +12454,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 difok = 8</xccdf:fixtext>
           <xccdf:fix id="F-61777r1045228_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258112" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258112" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12645,7 +12483,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 maxclassrepeat = 4</xccdf:fixtext>
           <xccdf:fix id="F-61778r1045231_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258113" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258113" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12674,7 +12512,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 maxrepeat = 3</xccdf:fixtext>
           <xccdf:fix id="F-61779r1045234_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258114" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258114" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12703,7 +12541,7 @@ Add or update the following line in the "/etc/security/pwquality.conf" file or a
 minclass = 4</xccdf:fixtext>
           <xccdf:fix id="F-61780r1045237_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258115" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258115" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12732,7 +12570,7 @@ Add or change the following line in the "[defaults]" section of "/etc/libuser.co
 crypt_style = sha512</xccdf:fixtext>
           <xccdf:fix id="F-61781r1014895_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258116" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258116" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12761,7 +12599,7 @@ Add or update the following line in the "/etc/login.defs" file:
 ENCRYPT_METHOD SHA512</xccdf:fixtext>
           <xccdf:fix id="F-61782r926337_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258117" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258117" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12788,7 +12626,7 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPO
 Remove any occurrences of " pam_succeed_if " in the  "/etc/pam.d/sudo" file.</xccdf:fixtext>
           <xccdf:fix id="F-61783r926340_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258118" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258118" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12818,14 +12656,14 @@ To lock an account:
 $ sudo passwd -l [username]</xccdf:fixtext>
           <xccdf:fix id="F-61785r926346_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258120" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258120" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258121">
         <xccdf:title>SRG-OS-000104-GPOS-00051</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258121r1102086_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258121r1155682_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-611160</xccdf:version>
           <xccdf:title>RHEL 9 must use the common access card (CAC) smart card driver.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards.
@@ -12847,16 +12685,16 @@ Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPO
           <xccdf:ident system="http://cyber.mil/cci">CCI-000768</xccdf:ident>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000770</xccdf:ident>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001942</xccdf:ident>
-          <xccdf:fixtext fixref="F-61786r1045242_fix">Configure RHEL 9 to load the CAC driver.
+          <xccdf:fixtext fixref="F-61786r1155681_fix">Configure RHEL 9 to load the CAC driver.
 
-$ sudo opensc-tool --set-conf-entry app:default:card_driver:cac
+$ sudo opensc-tool --set-conf-entry app:default:card_drivers:cac
 
 Restart the pcscd service to apply the changes:
 
 $ sudo systemctl restart pcscd</xccdf:fixtext>
-          <xccdf:fix id="F-61786r1045242_fix" />
+          <xccdf:fix id="F-61786r1155681_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258121" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258121" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12885,7 +12723,7 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000105-GPOS-00052&lt;/VulnDiscussion
 pam_cert_auth = True</xccdf:fixtext>
           <xccdf:fix id="F-61787r1045245_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258122" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258122" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12930,7 +12768,7 @@ The "sssd" service must be restarted for the changes to take effect. To restart
 $ sudo systemctl restart sssd.service</xccdf:fixtext>
           <xccdf:fix id="F-61788r926355_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258123" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258123" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12955,7 +12793,7 @@ $ sudo systemctl restart sssd.service</xccdf:fixtext>
 $ sudo dnf install pcsc-lite</xccdf:fixtext>
           <xccdf:fix id="F-61789r926358_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258124" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258124" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -12982,7 +12820,7 @@ The daemon program for pcsc-lite and the MuscleCard framework is pcscd. It is a
 $ sudo systemctl enable --now pcscd.socket</xccdf:fixtext>
           <xccdf:fix id="F-61790r1045252_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258125" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258125" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13012,14 +12850,14 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161&lt;/VulnDiscussion
 $ sudo dnf install opensc</xccdf:fixtext>
           <xccdf:fix id="F-61791r926364_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258126" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258126" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258128">
         <xccdf:title>SRG-OS-000080-GPOS-00048</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258128r1117265_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258128r1155626_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-611195</xccdf:version>
           <xccdf:title>RHEL 9 must require authentication to access emergency mode.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
@@ -13033,21 +12871,34 @@ This requirement prevents attackers with physical access from trivially bypassin
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000213</xccdf:ident>
-          <xccdf:fixtext fixref="F-61793r926370_fix">Configure RHEL 9 to require authentication for emergency mode.
+          <xccdf:fixtext fixref="F-61793r1155625_fix">Configure RHEL 9 to require authentication for emergency mode.
 
-Add or modify the following line in the "/usr/lib/systemd/system/emergency.service" file:
+Create a directory for supplementary configuration files: 
+$ sudo mkdir /etc/systemd/system/emergency.service.d/
 
-ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency</xccdf:fixtext>
-          <xccdf:fix id="F-61793r926370_fix" />
+Copy the original file emergency.service file to the new directory with:
+$ sudo cp  /usr/lib/systemd/system/emergency.service  /etc/systemd/system/emergency.service.d/emergency.service.conf
+
+Open the new file:
+$ sudo vi /etc/systemd/system/emergency.service.d/emergency.service.conf
+
+Add or modify the following line in the new file:
+ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
+
+Comment out or remove the ExecStart and ExecStartPre lines in /usr/lib/systemd/system/emergency.service as they can only exist in one location.
+
+Apply changes to unit files without rebooting the system:
+$ sudo systemctl daemon-reload</xccdf:fixtext>
+          <xccdf:fix id="F-61793r1155625_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258128" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258128" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258129">
         <xccdf:title>SRG-OS-000080-GPOS-00048</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258129r1117265_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258129r1155628_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-611200</xccdf:version>
           <xccdf:title>RHEL 9 must require authentication to access single-user mode.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
@@ -13065,28 +12916,27 @@ For example, to extend the configuration of the network service, do not modify t
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000213</xccdf:ident>
-          <xccdf:fixtext fixref="F-61794r1102058_fix">Configure RHEL 9 to require authentication for single-user mode.
+          <xccdf:fixtext fixref="F-61794r1155627_fix">Configure RHEL 9 to require authentication for single-user mode.
 
-Create a directory for supplementary configuration files at /etc/systemd/system/rescue.service.d/
+Create a directory for supplementary configuration files: 
+$ sudo mkdir /etc/systemd/system/rescue.service.d/
 
 Copy the original file rescue.service file to the new directory with:
-
 $ sudo cp  /usr/lib/systemd/system/rescue.service  /etc/systemd/system/rescue.service.d/rescue.service.conf
 
-Add or modify the following line in the "etc/systemd/system/rescue.service.d/rescue.service.conf" file:
+Open the new file:
+$ sudo vi etc/systemd/system/rescue.service.d/rescue.service.conf
 
+Add this line to the new file:
 ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
 
-Apply changes to unit files without rebooting the system:
-
-$ sudo systemctl daemon-reload
-
-If the modified unit file belongs to a running service, restart the service:
+Comment out or remove the ExecStart and ExecStartPre lines in /usr/lib/systemd/system/rescue.service as they can only exist in one location.
 
-$ sudo  systemctl restart rescue.service</xccdf:fixtext>
-          <xccdf:fix id="F-61794r1102058_fix" />
+Apply changes to unit files without rebooting the system:
+$ sudo systemctl daemon-reload</xccdf:fixtext>
+          <xccdf:fix id="F-61794r1155627_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258129" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258129" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13112,7 +12962,7 @@ Edit the file "/etc/sssd/sssd.conf" or a configuration file in "/etc/sssd/conf.d
 offline_credentials_expiration = 1</xccdf:fixtext>
           <xccdf:fix id="F-61798r1045262_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258133" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258133" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13152,7 +13002,7 @@ Satisfies: SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPO
 /usr/sbin/augenrules p+i+n+u+g+s+b+acl+xattrs+sha512</xccdf:fixtext>
           <xccdf:fix id="F-61802r943020_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258137" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258137" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13179,7 +13029,7 @@ Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000051-GPOS-00024, SRG-OS-000480-GPO
 $ sudo dnf install rsyslog</xccdf:fixtext>
           <xccdf:fix id="F-61805r1106358_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258140" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258140" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13205,7 +13055,7 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061&lt;/VulnDiscussion
 $ sudo dnf install rsyslog-gnutls</xccdf:fixtext>
           <xccdf:fix id="F-61806r926409_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258141" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258141" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13229,14 +13079,14 @@ $ sudo dnf install rsyslog-gnutls</xccdf:fixtext>
 $ sudo systemctl enable --now rsyslog</xccdf:fixtext>
           <xccdf:fix id="F-61807r926412_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258142" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258142" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258143">
         <xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258143r1134931_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258143r1155671_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-652025</xccdf:version>
           <xccdf:title>RHEL 9 must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Unintentionally running a rsyslog server accepting remote messages puts the system at increased risk. Malicious rsyslog messages sent to the server could exploit vulnerabilities in the server software itself, could introduce misleading information into the system's logs, or could fill the system's storage leading to a denial of service.
@@ -13250,9 +13100,12 @@ If the system is intended to be a log aggregation server, its use must be docume
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-000366</xccdf:ident>
-          <xccdf:fixtext fixref="F-61808r1045282_fix">Configure RHEL 9 to not receive remote logs using rsyslog.
+          <xccdf:fixtext fixref="F-61808r1155670_fix">Configure RHEL 9 to not receive remote logs using rsyslog.
 
 Remove the lines in /etc/rsyslog.conf and any files in the /etc/rsyslog.d directory that match any of the following:
+InputTCPServerRun
+UDPServerRun
+RELPServerRun
 module(load="imtcp")
 module(load="imudp")
 module(load="imrelp")
@@ -13263,9 +13116,9 @@ input(type="imrelp" port="514")
 The rsyslog daemon must be restarted for the changes to take effect:
 
 $ sudo systemctl restart rsyslog.service</xccdf:fixtext>
-          <xccdf:fix id="F-61808r1045282_fix" />
+          <xccdf:fix id="F-61808r1155670_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258143" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258143" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13293,7 +13146,7 @@ The "rsyslog" service must be restarted for the changes to take effect with the
 $ sudo systemctl restart rsyslog.service</xccdf:fixtext>
           <xccdf:fix id="F-61809r1045285_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258144" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258144" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13329,7 +13182,7 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224&lt;/VulnDiscussion
 $ActionSendStreamDriverAuthMode x509/name</xccdf:fixtext>
           <xccdf:fix id="F-61811r926424_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258146" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258146" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13365,7 +13218,7 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224&lt;/VulnDiscussion
 $ActionSendStreamDriverMode 1</xccdf:fixtext>
           <xccdf:fix id="F-61812r926427_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258147" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258147" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13395,14 +13248,14 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224&lt;/VulnDiscussion
 $DefaultNetstreamDriver gtls</xccdf:fixtext>
           <xccdf:fix id="F-61813r926430_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258148" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258148" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258149">
         <xccdf:title>SRG-OS-000479-GPOS-00224</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258149r1106462_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258149r1155580_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-652055</xccdf:version>
           <xccdf:title>RHEL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
@@ -13428,12 +13281,26 @@ Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000480-GPOS-00227, SRG-OS-000342-GPO
             <dc:identifier>5551</dc:identifier>
           </xccdf:reference>
           <xccdf:ident system="http://cyber.mil/cci">CCI-001851</xccdf:ident>
-          <xccdf:fixtext fixref="F-61814r1106361_fix">Configure RHEL 9 to off-load audit records onto a different system or media from the system being audited via TCP using rsyslog by specifying the remote logging server in "/etc/rsyslog.conf" or "/etc/rsyslog.d/[customfile].conf" with the name or IP address of the log aggregation server.
+          <xccdf:fixtext fixref="F-61814r1155579_fix">Configure RHEL 9 to off-load audit records onto a different system or media from the system being audited via TCP using rsyslog by specifying the remote logging server in "/etc/rsyslog.conf" or "/etc/rsyslog.d/[customfile].conf" with the name or IP address of the log aggregation server. The following are examples of the configuration for the legacy syntax and for the newer Rainer script. Only one should be used.
+
+Using legacy '@host:port" syntax example:
+*.* @@[remoteloggingserver]:[port]
 
-*.* @@[remoteloggingserver]:[port]</xccdf:fixtext>
-          <xccdf:fix id="F-61814r1106361_fix" />
+Using Rainer script example:
+action(
+    type="omfwd"
+    target="logserver.example.com"
+    port="514"
+    protocol="tcp"
+    action.resumeRetryCount="-1"
+    queue.type="linkedList"
+    que.size="10000"
+)
+
+Note: The Rainer Script above does not contain the required encryption settings.</xccdf:fixtext>
+          <xccdf:fix id="F-61814r1155579_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258149" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258149" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13488,7 +13355,7 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPO
 $ sudo dnf install audit</xccdf:fixtext>
           <xccdf:fix id="F-61816r926439_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258151" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258151" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13541,7 +13408,7 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPO
 $ sudo systemctl enable --now auditd</xccdf:fixtext>
           <xccdf:fix id="F-61817r926442_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258152" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258152" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13569,7 +13436,7 @@ disk_error_action = HALT
 If availability has been determined to be more important, and this decision is documented with the information system security officer (ISSO), configure the operating system to notify SA staff and ISSO staff in the event of an audit processing failure by setting the "disk_error_action" to "SYSLOG".</xccdf:fixtext>
           <xccdf:fix id="F-61818r926445_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258153" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258153" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13597,7 +13464,7 @@ disk_full_action = HALT
 If availability has been determined to be more important, and this decision is documented with the information system security officer (ISSO), configure the operating system to notify SA staff and ISSO staff in the event of an audit processing failure by setting the "disk_full_action" to "SYSLOG".</xccdf:fixtext>
           <xccdf:fix id="F-61819r926448_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258154" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258154" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13628,7 +13495,7 @@ If audit records are stored on a partition made specifically for audit records,
 If audit records are not stored on a partition made specifically for audit records, a new partition with sufficient space will need be to be created.</xccdf:fixtext>
           <xccdf:fix id="F-61820r926451_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258155" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258155" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13652,7 +13519,7 @@ If audit records are not stored on a partition made specifically for audit recor
 space_left  = 25%</xccdf:fixtext>
           <xccdf:fix id="F-61821r1102076_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258156" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258156" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13676,7 +13543,7 @@ space_left  = 25%</xccdf:fixtext>
 space_left_action = email</xccdf:fixtext>
           <xccdf:fix id="F-61822r926457_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258157" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258157" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13700,7 +13567,7 @@ space_left_action = email</xccdf:fixtext>
 admin_space_left  = 5%</xccdf:fixtext>
           <xccdf:fix id="F-61823r926460_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258158" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258158" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13728,7 +13595,7 @@ admin_space_left_action = single
 The audit daemon must be restarted for changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61824r926463_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258159" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258159" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13754,7 +13621,7 @@ Add or update the following line in "/etc/audit/auditd.conf" file:
 max_log_file_action = ROTATE</xccdf:fixtext>
           <xccdf:fix id="F-61825r926466_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258160" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258160" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13785,7 +13652,7 @@ name_format = hostname
 The audit daemon must be restarted for changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61826r926469_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258161" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258161" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13815,7 +13682,7 @@ overflow_action = syslog
 The audit daemon must be restarted for changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61827r926472_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258162" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258162" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13850,7 +13717,7 @@ action_mail_acct = root
 The audit daemon must be restarted for changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61828r926475_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258163" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258163" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13880,7 +13747,7 @@ local_events = yes
 The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61829r926478_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258164" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258164" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13915,7 +13782,7 @@ Change the ownership to that group:
 $ sudo chgrp ${GROUP} /var/log/audit</xccdf:fixtext>
           <xccdf:fix id="F-61830r926481_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258165" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258165" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -13944,14 +13811,14 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
 $ sudo chown root /var/log/audit</xccdf:fixtext>
           <xccdf:fix id="F-61831r926484_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258166" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258166" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258167">
         <xccdf:title>SRG-OS-000057-GPOS-00027</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258167r1101918_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258167r1155630_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-653090</xccdf:version>
           <xccdf:title>RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 9 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
@@ -13991,7 +13858,7 @@ $ sudo chmod 0600 $log_file
 $ sudo chmod 0400 $log_file.*</xccdf:fixtext>
           <xccdf:fix id="F-61832r1045305_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258167" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258167" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14017,7 +13884,7 @@ freq = 100
 The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61833r943023_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258168" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258168" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14050,7 +13917,7 @@ log_format = ENRICHED
 The audit daemon must be restarted for changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61834r926493_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258169" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258169" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14078,7 +13945,7 @@ write_logs = yes
 The audit daemon must be restarted for changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61835r926496_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258170" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258170" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14104,7 +13971,7 @@ $ sudo chmod 0640 /etc/audit/rules.d/[customrulesfile].rules
 $ sudo chmod 0640 /etc/audit/auditd.conf</xccdf:fixtext>
           <xccdf:fix id="F-61836r926499_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258171" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258171" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14137,7 +14004,7 @@ Satisfies: SRG-OS-000254-GPOS-00095, SRG-OS-000341-GPOS-00132&lt;/VulnDiscussion
 $ sudo grubby --update-kernel=ALL --args=audit_backlog_limit=8192</xccdf:fixtext>
           <xccdf:fix id="F-61838r926505_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258173" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258173" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14161,14 +14028,14 @@ $ sudo grubby --update-kernel=ALL --args=audit_backlog_limit=8192</xccdf:fixtext
 $ sudo dnf install audispd-plugins</xccdf:fixtext>
           <xccdf:fix id="F-61840r926511_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258175" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258175" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258176">
         <xccdf:title>SRG-OS-000326-GPOS-00126</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258176r1106366_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258176r1155595_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-654010</xccdf:version>
           <xccdf:title>RHEL 9 must audit uses of the "execve" system call.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
@@ -14197,17 +14064,17 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61841r1045312_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258176" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258176" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258177">
         <xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258177r1106368_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258177r1155597_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-654015</xccdf:version>
           <xccdf:title>RHEL 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.</xccdf:title>
-          <xccdf:description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+          <xccdf:description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -14240,17 +14107,17 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61842r1045315_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258177" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258177" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258178">
         <xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258178r1106370_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258178r1155599_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-654020</xccdf:version>
           <xccdf:title>RHEL 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.</xccdf:title>
-          <xccdf:description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+          <xccdf:description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -14283,14 +14150,14 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61843r1045318_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258178" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258178" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258179">
         <xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258179r1106371_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258179r1155601_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-654025</xccdf:version>
           <xccdf:title>RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -14326,7 +14193,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61844r1045321_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258179" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258179" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14365,7 +14232,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61845r1045324_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258180" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258180" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14405,7 +14272,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61846r1045327_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258181" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258181" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14445,7 +14312,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61847r1045330_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258182" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258182" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14485,7 +14352,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61848r1045333_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258183" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258183" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14525,7 +14392,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61849r1045336_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258184" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258184" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14565,7 +14432,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61850r1045339_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258185" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258185" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14605,14 +14472,14 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61851r1045342_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258186" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258186" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258187">
         <xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258187r1106373_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258187r1155603_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-654065</xccdf:version>
           <xccdf:title>RHEL 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -14646,14 +14513,14 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61852r1045345_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258187" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258187" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258188">
         <xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258188r1106375_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258188r1155605_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-654070</xccdf:version>
           <xccdf:title>RHEL 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -14690,14 +14557,14 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61853r1045348_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258188" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258188" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258189">
         <xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258189r1106377_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258189r1155607_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-654075</xccdf:version>
           <xccdf:title>RHEL 9 must audit all uses of the delete_module system call.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -14731,14 +14598,14 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61854r1045351_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258189" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258189" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258190">
         <xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258190r1106379_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258190r1155609_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-654080</xccdf:version>
           <xccdf:title>RHEL 9 must audit all uses of the init_module and finit_module system calls.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -14772,7 +14639,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61855r1045354_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258190" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258190" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14812,7 +14679,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61856r1045357_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258191" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258191" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14852,7 +14719,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61857r1045360_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258192" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258192" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14892,7 +14759,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61858r1045363_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258193" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258193" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14932,7 +14799,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61859r1045366_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258194" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258194" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -14972,7 +14839,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61860r1045369_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258195" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258195" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15012,7 +14879,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61861r1045372_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258196" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258196" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15052,7 +14919,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61862r1045375_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258197" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258197" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15092,7 +14959,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61863r1045378_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258198" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258198" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15132,7 +14999,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61864r1045381_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258199" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258199" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15172,7 +15039,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61865r1045384_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258200" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258200" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15212,7 +15079,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61866r1045387_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258201" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258201" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15252,7 +15119,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61867r1045390_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258202" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258202" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15292,7 +15159,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61868r1045393_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258203" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258203" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15332,7 +15199,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61869r1045396_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258204" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258204" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15372,7 +15239,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61870r1045399_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258205" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258205" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15412,7 +15279,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61871r1045402_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258206" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258206" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15452,7 +15319,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61872r1045405_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258207" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258207" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15492,7 +15359,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61873r1045408_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258208" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258208" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15532,7 +15399,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61874r1045411_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258209" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258209" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15572,7 +15439,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61875r1045414_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258210" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258210" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15600,7 +15467,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61876r1045417_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258211" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258211" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15628,7 +15495,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61877r1045420_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258212" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258212" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15656,7 +15523,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61878r1045423_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258213" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258213" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15684,14 +15551,14 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61879r1045426_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258214" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258214" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258215">
         <xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258215r1106381_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258215r1155611_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-654205</xccdf:version>
           <xccdf:title>Successful/unsuccessful uses of the umount system call in RHEL 9 must generate an audit record.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.
@@ -15717,14 +15584,14 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61880r1045429_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258215" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258215" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-258216">
         <xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258216r1102090_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258216r1155613_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-654210</xccdf:version>
           <xccdf:title>Successful/unsuccessful uses of the umount2 system call in RHEL 9 must generate an audit record.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users.
@@ -15751,7 +15618,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61881r1045432_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258216" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258216" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15794,7 +15661,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61882r1045435_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258217" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258217" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15837,7 +15704,7 @@ To load the rules to the kernel immediately, use the following command:
 $ sudo augenrules --load</xccdf:fixtext>
           <xccdf:fix id="F-61883r1045438_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258218" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258218" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15878,7 +15745,7 @@ Add or update the following file system rule to "/etc/audit/rules.d/audit.rules"
 The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61884r926643_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258219" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258219" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15919,7 +15786,7 @@ Add or update the following file system rule to "/etc/audit/rules.d/audit.rules"
 The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61885r926646_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258220" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258220" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -15960,7 +15827,7 @@ Add or update the following file system rule to "/etc/audit/rules.d/audit.rules"
 The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61886r926649_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258221" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258221" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16005,7 +15872,7 @@ Add or update the following file system rule to "/etc/audit/rules.d/audit.rules"
 The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61887r926652_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258222" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258222" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16046,7 +15913,7 @@ Add or update the following file system rule to "/etc/audit/rules.d/audit.rules"
 The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61888r926655_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258223" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258223" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16079,7 +15946,7 @@ The audit daemon must be restarted for the changes to take effect.
 $ sudo service auditd restart</xccdf:fixtext>
           <xccdf:fix id="F-61889r1014987_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258224" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258224" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16115,7 +15982,7 @@ The audit daemon must be restarted for the changes to take effect.
 $ sudo service auditd restart</xccdf:fixtext>
           <xccdf:fix id="F-61890r1014989_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258225" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258225" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16146,7 +16013,7 @@ Add the following line to the bottom of the /etc/audit/rules.d/audit.rules file:
 -f 2</xccdf:fixtext>
           <xccdf:fix id="F-61892r1014991_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258227" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258227" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16177,7 +16044,7 @@ Satisfies: SRG-OS-000462-GPOS-00206, SRG-OS-000475-GPOS-00220, SRG-OS-000057-GPO
 The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61893r926670_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258228" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258228" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16211,7 +16078,45 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
 The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
           <xccdf:fix id="F-61894r926673_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258229" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258229" />
+          </xccdf:check>
+        </xccdf:Rule>
+      </xccdf:Group>
+      <xccdf:Group id="xccdf_mil.disa.stig_group_V-258230">
+        <xccdf:title>SRG-OS-000033-GPOS-00014</xccdf:title>
+        <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-258230r1155585_rule" severity="high" weight="10.0">
+          <xccdf:version>RHEL-09-671010</xccdf:version>
+          <xccdf:title>RHEL 9 must enable FIPS mode.</xccdf:title>
+          <xccdf:description>&lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. This includes NIST FIPS-validated cryptography for the following: Provisioning digital signatures, generating cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
+
+Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
+          <xccdf:reference>
+            <dc:title>DPMS Target Red Hat Enterprise Linux 9</dc:title>
+            <dc:publisher>DISA</dc:publisher>
+            <dc:type>DPMS Target</dc:type>
+            <dc:subject>Red Hat Enterprise Linux 9</dc:subject>
+            <dc:identifier>5551</dc:identifier>
+          </xccdf:reference>
+          <xccdf:ident system="http://cyber.mil/cci">CCI-000068</xccdf:ident>
+          <xccdf:ident system="http://cyber.mil/cci">CCI-000877</xccdf:ident>
+          <xccdf:ident system="http://cyber.mil/cci">CCI-002418</xccdf:ident>
+          <xccdf:ident system="http://cyber.mil/cci">CCI-002450</xccdf:ident>
+          <xccdf:fixtext fixref="F-61895r1155584_fix">Configure the operating system to implement FIPS mode with the following command
+
+$ sudo fips-mode-setup --enable
+
+To ensure the kernel enables FIPS mode for early boot, "fips=1" must be added to the grub config:
+$ sudo grubby --update-kernel=ALL --args="fips=1"
+
+Verify the setting with the following command:
+$ cat /proc/cmdline
+BOOT_IMAGE=(hd0,gpt2)/vmlinuz-5.14.0-570.21.1.el9_6.x86_64 root=/dev/mapper/rhel-root ro resume=/dev/mapper/rhel-swap rd.luks.uuid=luks-cd37eb8d-a2c3-4671-96ee-1e6a3a681561 rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 boot=UUID=acbbb4ee-adc0-4cb2-9546-afab857b8849 audit_backlog_limit=8192 crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M
+
+Reboot the system for the changes to take effect.</xccdf:fixtext>
+          <xccdf:fix id="F-61895r1155584_fix" />
+          <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258230" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16239,7 +16144,7 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061&lt;/VulnDiscussion
           <xccdf:fixtext fixref="F-61896r926679_fix">Lock all interactive user accounts not using SHA-512 hashing until the passwords can be regenerated with SHA-512.</xccdf:fixtext>
           <xccdf:fix id="F-61896r926679_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258231" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258231" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16266,7 +16171,7 @@ Add the following line to "/etc/ipsec.conf":
 include /etc/crypto-policies/back-ends/libreswan.config</xccdf:fixtext>
           <xccdf:fix id="F-61897r926682_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258232" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258232" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16297,7 +16202,7 @@ Edit/modify the following line in the "/etc/pam.d/password-auth" file to include
 password sufficient pam_unix.so sha512</xccdf:fixtext>
           <xccdf:fix id="F-61898r926685_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258233" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258233" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16325,7 +16230,7 @@ Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPO
 $ sudo dnf -y install crypto-policies</xccdf:fixtext>
           <xccdf:fix id="F-61899r1051249_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258234" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258234" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16363,7 +16268,7 @@ Setting system policy to FIPS
 Note: Systemwide crypto policies are applied on application startup. It is recommended to restart the system for the change of policies to fully take place.</xccdf:fixtext>
           <xccdf:fix id="F-61901r1051252_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258236" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258236" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16397,14 +16302,14 @@ Add the following line to the "options" section in "/etc/named.conf":
 include "/etc/crypto-policies/back-ends/bind.config";</xccdf:fixtext>
           <xccdf:fix id="F-61907r926712_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258242" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:258242" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-270175">
         <xccdf:title>SRG-OS-000080-GPOS-00048</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-270175r1117265_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-270175r1137691_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-232103</xccdf:version>
           <xccdf:title>RHEL 9 "/etc/audit/" must be owned by root.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
@@ -16421,14 +16326,14 @@ include "/etc/crypto-policies/back-ends/bind.config";</xccdf:fixtext>
 $ sudo chown root /etc/audit/</xccdf:fixtext>
           <xccdf:fix id="F-74109r1044963_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:270175" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:270175" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-270176">
         <xccdf:title>SRG-OS-000080-GPOS-00048</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-270176r1117265_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-270176r1137691_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-232104</xccdf:version>
           <xccdf:title>RHEL 9 "/etc/audit/" must be group-owned by root.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;The "/etc/audit/" directory contains files that ensure the proper auditing of command execution, privilege escalation, file manipulation, and more. Protection of this directory is critical for system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</xccdf:description>
@@ -16445,7 +16350,7 @@ $ sudo chown root /etc/audit/</xccdf:fixtext>
 $ sudo chgrp root /etc/audit/</xccdf:fixtext>
           <xccdf:fix id="F-74110r1044966_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:270176" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:270176" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16485,7 +16390,7 @@ Setting system policy to FIPS
 Note: Systemwide crypto policies are applied on application startup. It is recommended to restart the system for the change of policies to fully take place.</xccdf:fixtext>
           <xccdf:fix id="F-74111r1051236_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:270177" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:270177" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16525,7 +16430,7 @@ Setting system policy to FIPS
 Note: Systemwide crypto policies are applied on application startup. It is recommended to restart the system for the change of policies to fully take place.</xccdf:fixtext>
           <xccdf:fix id="F-74112r1051242_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:270178" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:270178" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
@@ -16567,14 +16472,14 @@ Once it is determined the allow list is built correctly, set the "fapolicyd" to
 permissive = 0</xccdf:fixtext>
           <xccdf:fix id="F-74114r1045181_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:270180" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:270180" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-272488">
         <xccdf:title>SRG-OS-000304-GPOS-00121</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-272488r1082178_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-272488r1155665_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-215101</xccdf:version>
           <xccdf:title>RHEL 9 must have the Postfix package installed.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Postfix is a free, open-source mail transfer agent (MTA) that sends and receives emails. It is a server-side application that can be used to set up a local mail server, create a null-client mail relay, use a Postfix server as a destination for multiple domains, or choose an LDAP directory instead of files for lookups. Postfix supports protocols such as LDAP, SMTP AUTH (SASL), and TLS. It uses the Simple Mail Transfer Protocol (SMTP) to transfer emails between servers.
@@ -16593,14 +16498,14 @@ Satisfies: SRG-OS-000304-GPOS-00121, SRG-OS-000343-GPOS-00134, SRG-OS-000363-GPO
 $ sudo dnf install postfix</xccdf:fixtext>
           <xccdf:fix id="F-76447r1082177_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:272488" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:272488" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
       <xccdf:Group id="xccdf_mil.disa.stig_group_V-272496">
         <xccdf:title>SRG-OS-000445-GPOS-00199</xccdf:title>
         <xccdf:description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</xccdf:description>
-        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-272496r1134956_rule" severity="medium" weight="10.0">
+        <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-272496r1155582_rule" severity="medium" weight="10.0">
           <xccdf:version>RHEL-09-431016</xccdf:version>
           <xccdf:title>RHEL 9 must elevate the SELinux context when an administrator calls the sudo command.</xccdf:title>
           <xccdf:description>&lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
@@ -16634,18 +16539,18 @@ Remove any configurations that conflict with the above from the following locati
 /etc/sudoers.d/</xccdf:fixtext>
           <xccdf:fix id="F-76453r1082183_fix" />
           <xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <xccdf:check-content-ref href="U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:272496" />
+            <xccdf:check-content-ref href="U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" name="oval:mil.disa.stig.rhel9os:def:272496" />
           </xccdf:check>
         </xccdf:Rule>
       </xccdf:Group>
     </xccdf:Benchmark>
   </component>
-  <component id="scap_mil.disa.stig_comp_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-oval.xml" timestamp="2025-09-27T23:04:04.074-04:00">
+  <component id="scap_mil.disa.stig_comp_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-oval.xml" timestamp="2026-01-05T14:28:52.220-05:00">
     <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">
       <generator>
-        <oval:product_name>Security Content Tool 1.6.0</oval:product_name>
+        <oval:product_name>Security Content Tool 1.7.0</oval:product_name>
         <oval:schema_version>5.11</oval:schema_version>
-        <oval:timestamp>2025-09-27T11:04:04</oval:timestamp>
+        <oval:timestamp>2026-01-05T02:28:52</oval:timestamp>
       </generator>
       <definitions>
         <definition id="oval:mil.disa.stig.defs:def:204417" version="2" class="compliance">
@@ -16667,16 +16572,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.linux:tst:20444300" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:204611" version="3" class="compliance">
-          <metadata>
-            <title>The operating system must use a reverse-path filter for IPv4 network traffic when possible by default.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:20461100" comment="net.ipv4.conf.default.rp_filter setting in kernel is set to 1" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:20461100" comment="net.ipv4.conf.default.rp_filter setting in admin sysctl configuration files is set to 1" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:230231" version="1" class="compliance">
           <metadata>
             <title>The operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.</title>
@@ -16724,15 +16619,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.linux:tst:23024100" comment="package policycoreutils is installed" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230244" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23024400" comment="/etc/ssh/sshd_config:ClientAliveCountMax = 1" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:230245" version="1" class="compliance">
           <metadata>
             <title>The operating system /var/log/messages file must have mode 0640 or less permissive.</title>
@@ -16861,36 +16747,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:23026601" comment="kernel.kexec_load_disabled setting in sysctl configuration files is set to 1, and nothing else" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230268" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must enable kernel parameters to enforce discretionary access control on hardlinks.</title>
-            <description />
-          </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23026800" comment="fs.protected_hardlinks setting in kernel is 1" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23026801" comment="fs.protected_hardlinks setting in sysctl configuration files is set to 1, and nothing else, and there are no conflicting settings in other files" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230269" version="3" class="compliance">
-          <metadata>
-            <title>The operating system must restrict access to the kernel message buffer.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23026900" comment="kernel.dmesg_restrict setting in kernel is 1" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23026900" comment="kernel.dmesg_restrict setting in sysctl configuration files is set to 1" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230270" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must prevent kernel profiling by unprivileged users.</title>
-            <description />
-          </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23027000" comment="kernel.perf_event_paranoid setting in kernel is 2" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23027001" comment="kernel.perf_event_paranoid setting in sysctl configuration files is set to 2, and nothing else, and there are no conflicting settings in other files" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:230271" version="1" class="compliance">
           <metadata>
             <title>The operating system must require users to provide a password for privilege escalation.</title>
@@ -16940,16 +16796,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:23027901" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230280" version="2" class="compliance">
-          <metadata>
-            <title>The operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</title>
-            <description />
-          </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23028000" comment="kernel.randomize_va_space setting in kernel is 2" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23028000" comment="kernel.randomize_va_space setting in sysctl configuration files is set to 2" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:230281" version="1" class="compliance">
           <metadata>
             <title>YUM must remove all software components after updated versions have been installed on the operating system.</title>
@@ -17121,14 +16967,13 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.linux:tst:23031002" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230311" version="2" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:230311" version="3" class="compliance">
           <metadata>
             <title>The operating system must disable the kernel.core_pattern.</title>
             <description />
           </metadata>
           <criteria>
             <criterion test_ref="oval:mil.disa.stig.unix:tst:23031100" comment="kernel.core_pattern setting in kernel is |/bin/false" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23031100" comment="kernel.core_pattern setting in sysctl configuration files is set to |/bin/false" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.defs:def:230312" version="1" class="compliance">
@@ -17449,16 +17294,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:23037800" comment="/etc/login.defs: FAIL_DELAY = 4 or greater" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230381" version="3" class="compliance">
-          <metadata>
-            <title>The operating system must display the date and time of the last successful account logon upon logon.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23038100" comment="pam_lastlog is configured to show last successful logon" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23038101" comment="pam_lastlog is not used with the silent option" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:230383" version="1" class="compliance">
           <metadata>
             <title>The operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.</title>
@@ -18441,15 +18276,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.unix:tst:23053200" comment="debug-shell.service is masked" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230533" version="1" class="compliance">
-          <metadata>
-            <title>The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for the operating system operational support.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.linux:tst:23053300" comment="The tftp-server package is absent." />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:230534" version="1" class="compliance">
           <metadata>
             <title>The root account must be the only account having unrestricted access to the operating system system.</title>
@@ -18459,146 +18285,25 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.unix:tst:23053400" comment="Only the root account has a UID of zero." />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230535" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:230546" version="2" class="compliance">
           <metadata>
-            <title>The operating system must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title>
+            <title>The operating system must restrict usage of ptrace to descendant processes.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23053500" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23053500" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054600" comment="kernel.yama.ptrace_scope setting in kernel is set to 1" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230536" version="2" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:230550" version="2" class="compliance">
           <metadata>
-            <title>The operating system must not send Internet Control Message Protocol (ICMP) redirects.</title>
+            <title>The operating system must be configured to prevent unrestricted mail relaying.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23053600" comment="net.ipv4.conf.all.send_redirects setting in kernel is 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23053600" comment="net.ipv4.conf.all.send_redirects setting in sysctl configuration files is set to 0" />
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:23055001" comment="/etc/postfix/main.cf: smtpd_client_restrictions = permit_mynetworks,reject" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230537" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23053700" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23053700" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230538" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must not forward IPv6 source-routed packets.</title>
-            <description />
-          </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23053800" comment="net.ipv6.conf.all.accept_source_route setting in kernel is 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23053801" comment="net.ipv6.conf.all.accept_source_route setting in sysctl configuration files is set to 0, and nothing else" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230539" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must not forward IPv6 source-routed packets by default.</title>
-            <description />
-          </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23053902" comment="net.ipv6.conf.default.accept_source_route setting in kernel is 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23053903" comment="net.ipv6.conf.default.accept_source_route setting in sysctl configuration files is set to 0, and nothing else" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230540" version="2" class="compliance">
-          <metadata>
-            <title>The operating system must not enable IPv6 packet forwarding unless the system is a router.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23054000" comment="net.ipv6.conf.all.forwarding setting in sysctl configuration files is set to 0" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054000" comment="net.ipv6.conf.all.forwarding setting in kernel is 0" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230542" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must not accept router advertisements on all IPv6 interfaces by default.</title>
-            <description />
-          </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25312000" comment="net.ipv6.conf.default.accept_ra setting in kernel is 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25312001" comment="net.ipv6.conf.default.accept_ra setting in sysctl configuration files is set to 0, and nothing else" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230543" version="3" class="compliance">
-          <metadata>
-            <title>The operating system must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054300" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23054301" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230544" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054400" comment="net.ipv6.conf.all.accept_redirects setting in kernel is 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23054401" comment="net.ipv6.conf.all.accept_redirects setting in sysctl configuration files is set to 0, and nothing else" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230545" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must disable access to network bpf syscall from unprivileged processes.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054500" comment="kernel.unprivileged_bpf_disabled setting in kernel is '1'." />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23054501" comment="kernel.unprivileged_bpf_disabled setting is set to '1' without conflicting settings in other files" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230546" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must restrict usage of ptrace to descendant  processes.</title>
-            <description />
-          </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054600" comment="kernel.yama.ptrace_scope setting in kernel is set to 1" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23054601" comment="kernel.yama.ptrace_scope in sysctl configuration files is set to 1, and nothing else, and there are no conflicting settings in other files" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230548" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must disable the use of user namespaces.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054800" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23054801" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230549" version="5" class="compliance">
-          <metadata>
-            <title>The operating system must use reverse path filtering on all IPv4 interfaces.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23054900" comment="net.ipv4.conf.all.rp_filter setting in sysctl configuration files is set to 1 or 2" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054900" comment="net.ipv4.conf.all.rp_filter setting in kernel is 1 or 2" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230550" version="2" class="compliance">
-          <metadata>
-            <title>The operating system must be configured to prevent unrestricted mail relaying.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23055001" comment="/etc/postfix/main.cf: smtpd_client_restrictions = permit_mynetworks,reject" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:230553" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:230553" version="1" class="compliance">
           <metadata>
             <title>The graphical display manager must not be installed on the operating system unless approved.</title>
             <description />
@@ -18707,16 +18412,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:23827800" comment="Audit invocations of /usr/bin/sudoedit" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:238333" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must be configured to use TCP syncookies.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23833300" comment="net.ipv4.tcp_syncookies setting in kernel to 1" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23833301" comment="net.ipv4.tcp_syncookies setting in sysctl configuration files is set to 1" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:244519" version="1" class="compliance">
           <metadata>
             <title>The operating system must display a banner before granting local or remote access to the system via a graphical user logon.</title>
@@ -18841,34 +18536,40 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.linux:tst:24454900" comment="SSH is installed" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:244550" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:248577" version="2" class="compliance">
           <metadata>
-            <title>The operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title>
+            <title>The operating system must enable kernel parameters to enforce discretionary access control on symlinks.</title>
             <description />
           </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:24455000" comment="net.ipv4.conf.default.accept_redirects setting in kernel is 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:24455001" comment="net.ipv4.conf.default.accept_redirects setting in acceptable directory is set to 0, and nothing else, and it only appears once" />
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:24857700" comment="fs.protected_symlinks setting in kernel is 1" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:244552" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:248578" version="1" class="compliance">
           <metadata>
-            <title>The operating system must not forward IPv4 source-routed packets by default.</title>
+            <title>The operating system must enable kernel parameters to enforce discretionary access control on hardlinks.</title>
             <description />
           </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:24455200" comment="net.ipv4.conf.default.accept_source_route setting in kernel is 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:24455201" comment="net.ipv4.conf.default.accept_source_route setting in acceptable directory is set to 0, and nothing else, and there are no conflicting settings in other files" />
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:24857800" comment="fs.protected_hardlinks setting in kernel is 1" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:244554" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:248579" version="1" class="compliance">
           <metadata>
-            <title>The operating system must enable hardening for the Berkeley Packet Filter Just-in-time compiler.</title>
+            <title>The operating system must restrict access to the kernel message buffer.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:24455400" comment="net.core.bpf_jit_harden is set to 2 in kernel" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:24455401" comment="net.core.bpf_jit_harden is set to 2 in the sysctl configuration files." />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:24857900" comment="kernel.dmesg_restrict setting in kernel is 1" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:248580" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must prevent kernel profiling by unprivileged users.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:24858000" comment="kernel.perf_event_paranoid setting in kernel is 2" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.defs:def:248774" version="1" class="compliance">
@@ -18881,6 +18582,15 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:24877401" comment="Audit 64-bit invocations of rmdir" />
           </criteria>
         </definition>
+        <definition id="oval:mil.disa.stig.defs:def:248882" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must not forward IPv6 source-routed packets by default.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:24888202" comment="net.ipv6.conf.default.accept_source_route setting in kernel is 0" />
+          </criteria>
+        </definition>
         <definition id="oval:mil.disa.stig.defs:def:251706" version="1" class="compliance">
           <metadata>
             <title>The operating system operating system must not have accounts configured with blank or null passwords.</title>
@@ -18926,15 +18636,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:25171300" comment="system-auth pam_pwquality" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:251714" version="1" class="compliance">
-          <metadata>
-            <title>Systems below version 8.4 must ensure the password complexity module in the system-auth file is configured for three retries or less.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25171400" comment="/etc/pam.d/system-auth:retry not greater than 3 and not 0" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:251718" version="1" class="compliance">
           <metadata>
             <title>The graphical display manager must not be the default target on the operating system unless approved.</title>
@@ -19044,6 +18745,15 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:25303803" />
           </criteria>
         </definition>
+        <definition id="oval:mil.disa.stig.defs:def:257258" version="1" class="compliance">
+          <metadata>
+            <title>The system must terminate idle user sessions.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25725800" comment="The system terminates idle user sessions." />
+          </criteria>
+        </definition>
         <definition id="oval:mil.disa.stig.defs:def:257777" version="1" class="compliance">
           <metadata>
             <title>The operating system must be a vendor-supported release.</title>
@@ -19109,24 +18819,13 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.unix:tst:25779100" comment="/boot/grub2/grub.cfg is owned by root." />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:257800" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:257800" version="2" class="compliance">
           <metadata>
             <title>The operating system must restrict exposed kernel pointer addresses access.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25780000" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25780001" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:257802" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must enable kernel parameters to enforce discretionary access control on symlinks.</title>
-            <description />
-          </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:23026700" comment="fs.protected_symlinks setting in kernel is 1" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:23026701" comment="fs.protected_symlinks setting in sysctl configuration files is set to 1, and nothing else, and there are no conflicting settings in other files" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25780000" comment="kernel.kptr_restrict is set to 1" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.defs:def:257804" version="1" class="compliance">
@@ -19231,6 +18930,15 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.linux:tst:23055900" comment="gssproxy package is not installed" />
           </criteria>
         </definition>
+        <definition id="oval:mil.disa.stig.defs:def:257835" version="1" class="compliance">
+          <metadata>
+            <title>The TFTP daemon must be configured to operate in secure mode.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:24890200" comment="/usr/lib/systemd/system/tftp.service: ExecStart has a -s option with a subdirectory assigned" />
+          </criteria>
+        </definition>
         <definition id="oval:mil.disa.stig.defs:def:257836" version="1" class="compliance">
           <metadata>
             <title>The operating system must not have the quagga package installed.</title>
@@ -19612,76 +19320,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.linux:tst:25795400" comment="libreswan package is installed" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:257958" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must ignore IPv4 Internet Control Message Protocol (ICMP) redirect messages.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:24455300" comment="net.ipv4.conf.all.accept_redirects setting in kernel to 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25795800" comment="net.ipv4.conf.all.accept_redirects setting in sysctl configuration files is set to 0" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:257959" version="2" class="compliance">
-          <metadata>
-            <title>The operating system must not forward IPv4 source-routed packets.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25795900" comment="net.ipv4.conf.all.accept_source_routesetting in kernel is set to 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25795900" comment="net.ipv4.conf.all.accept_source_route setting in sysctl configuration files is set to 0" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:257960" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must log IPv4 packets with impossible addresses.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25796000" comment="net.ipv4.conf.all.log_martians setting in kernel to 1" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25796001" comment="net.ipv4.conf.all.log_martians setting in sysctl configuration files is set to 1" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:257961" version="2" class="compliance">
-          <metadata>
-            <title>The operating system must log IPv4 packets with impossible addresses by default.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25796100" comment="net.ipv4.conf.default.log_martians setting in kernel is 1" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25796100" comment="net.ipv4.conf.default.log_martians setting in sysctl configuration files is set to 1" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:257967" version="2" class="compliance">
-          <metadata>
-            <title>The operating system must limit the number of bogus Internet Control Message Protocol (ICMP) response errors logs.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25796700" comment="net.ipv4.icmp_ignore_bogus_error_responses setting in kernel is 1" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25796700" comment="net.ipv4.icmp_ignore_bogus_error_responses setting in sysctl configuration files is set to 1" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:257970" version="1" class="compliance">
-          <metadata>
-            <title>The operating system must not enable IPv4 packet forwarding unless the system is a router.</title>
-            <description />
-          </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25797000" comment="net.ipv4.conf.all.forwarding setting in kernel is 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25797001" comment="net.ipv4.conf.all.forwarding setting in acceptable directory is set to 0, and nothing else, and there are no conflicting settings in other files" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.defs:def:257971" version="2" class="compliance">
-          <metadata>
-            <title>The operating system must not accept router advertisements on all IPv6 interfaces.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25797100" comment="net.ipv6.conf.all.accept_ra setting in sysctl configuration files is set to 0" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25797100" comment="net.ipv6.conf.all.accept_ra setting in kernel is set to 0" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:257979" version="2" class="compliance">
           <metadata>
             <title>All the operating system networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.</title>
@@ -19833,9 +19471,9 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:25800500" comment="/etc/ssh/sshd_config and /etc/ssh/sshd_config.d/*:IgnoreRhosts == yes" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258006" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:258006" version="2" class="compliance">
           <metadata>
-            <title>The operating system SSH daemon must not allow authentication using known host’s authentication.</title>
+            <title>The operating system SSH daemon must not allow authentication using known host's authentication.</title>
             <description />
           </metadata>
           <criteria operator="OR">
@@ -19888,16 +19526,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:25801500" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258017" version="2" class="compliance">
-          <metadata>
-            <title>The operating system must prevent a user from overriding the disabling of the graphical user interface autorun function.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25801700" comment="check that /etc/dconf/profile/user:system-db is at minimum set to local" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25801701" comment="Check that the automount setting is locked from nonprivileged user modification" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:258020" version="1" class="compliance">
           <metadata>
             <title>The operating system must prevent a user from overriding the disabling of the graphical user smart card removal action.</title>
@@ -19908,16 +19536,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:25802000" comment="/org/gnome/settings-daemon/peripherals/smartcard/removal-action in dconf user database locks directories exists" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258023" version="2" class="compliance">
-          <metadata>
-            <title>The operating system must automatically lock graphical user sessions after 15 minutes of inactivity.</title>
-            <description />
-          </metadata>
-          <criteria operator="OR">
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25802300" negate="true" comment="gnome session idle delay does not exist" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25802301" negate="true" comment="gnome session idle delay correct" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:258026" version="1" class="compliance">
           <metadata>
             <title>The operating system must prevent a user from overriding the session lock-delay setting for the graphical user interface.</title>
@@ -20074,15 +19692,6 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:25807500" comment="/etc/profile:umask == 077" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258077" version="1" class="compliance">
-          <metadata>
-            <title>The system must terminate idle user sessions.</title>
-            <description />
-          </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25807700" comment="The system terminates idle user sessions." />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.defs:def:258082" version="1" class="compliance">
           <metadata>
             <title>The operating system policycoreutils-python-utils package must be installed.</title>
@@ -20139,6 +19748,15 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.linux:tst:25808900" comment="fapolicyd package is installed" />
           </criteria>
         </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258091" version="1" class="compliance">
+          <metadata>
+            <title>Systems below version 8.4 must ensure the password complexity module in the system-auth file is configured for three retries or less.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25809100" comment="/etc/security/pwquality.conf:retry not greater than 3 and not 0" />
+          </criteria>
+        </definition>
         <definition id="oval:mil.disa.stig.defs:def:258099" version="2" class="compliance">
           <metadata>
             <title>The operating system password-auth must be configured to use a sufficient number of hashing rounds.</title>
@@ -20324,250 +19942,485 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.ind:tst:25815500" comment="Audit file system total space &gt;= 10GiB" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258158" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:258158" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25815800" comment="/etc/audit/auditd.conf: admin_space_left = 5%" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258159" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25815900" comment="/etc/audit/auditd.conf: admin_space_left_action = SINGLE" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258160" version="1" class="compliance">
+          <metadata>
+            <title>The operating system audit system must take appropriate action when the audit files have reached maximum size.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25816000" comment="/etc/audit/auditd.conf: max_log_file_action is ROTATE or SINGLE" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258168" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must periodically flush audit records to disk to prevent the loss of audit records.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25816800" comment="/etc/audit/auditd.conf: freq = 1-100" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258170" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must write audit records to disk.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25817000" comment="/etc/audit/auditd.conf: write_logs = yes" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258175" version="1" class="compliance">
+          <metadata>
+            <title>The operating system audispd-plugins package must be installed.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.linux:tst:25817500" comment="audispd-plugins package is installed" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258211" version="1" class="compliance">
+          <metadata>
+            <title>Successful/unsuccessful uses of the init command in the operating system must generate an audit record.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821100" comment="Audit invocations of /usr/sbin/init" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258212" version="1" class="compliance">
+          <metadata>
+            <title>Successful/unsuccessful uses of the poweroff command in the operating system must generate an audit record.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821200" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258213" version="1" class="compliance">
+          <metadata>
+            <title>Successful/unsuccessful uses of the reboot command in the operating system must generate an audit record.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821300" comment="Audit invocations of /usr/sbin/reboot" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258214" version="1" class="compliance">
+          <metadata>
+            <title>Successful/unsuccessful uses of the shutdown command in the operating system must generate an audit record.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821400" comment="Audit invocations of /usr/sbin/shutdown" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258215" version="1" class="compliance">
+          <metadata>
+            <title>Successful/unsuccessful uses of the umount system call in the operating system must generate an audit record.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821500" comment="Audit 32-bit invocations of umount syscall" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258216" version="1" class="compliance">
+          <metadata>
+            <title>Successful/unsuccessful uses of the umount2 system call in the operating system must generate an audit record.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821600" comment="Audit 32-bit invocations of umount2 syscall" />
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821601" comment="Audit 64-bit invocations of umount2 syscall" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258224" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25822400" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258227" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must take appropriate action when a critical audit processing failure occurs.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25822700" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258230" version="2" class="compliance">
+          <metadata>
+            <title>The operating system must enable FIPS mode.</title>
+            <description />
+          </metadata>
+          <criteria operator="OR">
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25823000" comment="/proc/sys/crypto/fips_enabled is set to 1" />
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25823001" comment="The system-wide crypto-policy is set to FIPS" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258232" version="1" class="compliance">
+          <metadata>
+            <title>The operating system IP tunnels must use FIPS 140-2/140-3 approved cryptographic algorithms.</title>
+            <description />
+          </metadata>
+          <criteria operator="OR">
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25823200" comment="ipsec.conf includes crypto-policy" />
+            <criteria>
+              <criterion test_ref="oval:mil.disa.stig.ind:tst:25823201" comment="ipsec.conf includes /etc/ipsec.d/*.conf" />
+              <criterion test_ref="oval:mil.disa.stig.ind:tst:25823202" comment="/etc/ipsec.d/*.conf includes crypto-policy" />
+            </criteria>
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258234" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must have the crypto-policies package installed.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.linux:tst:25823400" comment="crypto-policies package is installed" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258236" version="1" class="compliance">
+          <metadata>
+            <title>The operating system crypto policy must not be overridden.</title>
+            <description />
+          </metadata>
+          <criteria operator="AND">
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823600" comment="bind" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823601" comment="gnutls" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823602" comment="java" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823603" comment="javasystem" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823604" comment="krb5" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823605" comment="libreswan" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823606" comment="libssh" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823607" comment="nss" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823608" comment="openssh" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823609" comment="opensshserver" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823610" comment="opensslcnf" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823611" comment="openssl" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:258242" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must implement DOD-approved encryption in the bind package.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:25824201" comment="named.conf includes crypto-policy" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:260487" version="1" class="compliance">
+          <metadata>
+            <title>The operating system library directories must have mode 0755 or less permissive.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:26048700" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:26048701" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:26048702" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:26048703" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:26048704" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:270175" version="1" class="compliance">
+          <metadata>
+            <title>The operating system "/etc/audit/" must be owned by root.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:27017500" comment="/etc/audit directory is owned by root" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:270176" version="1" class="compliance">
+          <metadata>
+            <title>The operating system "/etc/audit/" must be group-owned by root.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:27017600" comment="/etc/audit directory is group-owned by root" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:270177" version="1" class="compliance">
+          <metadata>
+            <title>The operating system SSH client must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:27017700" comment="openssh.config ciphers correct" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:270178" version="1" class="compliance">
+          <metadata>
+            <title>The operating system SSH client must be configured to use only DOD-approved Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:27017800" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:270180" version="1" class="compliance">
+          <metadata>
+            <title>The operating system fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:27018000" comment="/etc/fapolicyd/fapolicyd.conf: permissive = 0" />
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:27018001" comment="/etc/fapolicyd/compiled.rules: deny all" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:271709" version="1" class="compliance">
+          <metadata>
+            <title>The operating system must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:27170900" comment="/etc/ssh/sshd_config:ClientAliveCountMax = 1" />
+          </criteria>
+        </definition>
+        <definition id="oval:mil.disa.stig.defs:def:271720" version="1" class="compliance">
           <metadata>
-            <title>The operating system must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.</title>
+            <title>The operating system must not allow users to override SSH environment variables.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25815800" comment="/etc/audit/auditd.conf: admin_space_left = 5%" />
+            <criterion test_ref="oval:mil.disa.stig.ind:tst:27172000" comment="Check to see if PermitUserEnvironment is set to no in /etc/ssh/sshd_config and /etc/ssh/sshd_config.d/*.conf" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258159" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271727" version="1" class="compliance">
           <metadata>
-            <title>The operating system must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.</title>
+            <title>The operating system must disable the use of user namespaces.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25815900" comment="/etc/audit/auditd.conf: admin_space_left_action = SINGLE" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054800" comment="user.max_user_namespaces is set to 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258160" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271748" version="1" class="compliance">
           <metadata>
-            <title>The operating system audit system must take appropriate action when the audit files have reached maximum size.</title>
+            <title>The operating system must disable access to network bpf system call from nonprivileged processes.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25816000" comment="/etc/audit/auditd.conf: max_log_file_action is ROTATE or SINGLE" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054500" comment="kernel.unprivileged_bpf_disabled setting in kernel is '1'." />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258168" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271761" version="1" class="compliance">
           <metadata>
-            <title>The operating system must periodically flush audit records to disk to prevent the loss of audit records.</title>
+            <title>The operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</title>
             <description />
           </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25816800" comment="/etc/audit/auditd.conf: freq = 1-100" />
+          <criteria operator="AND">
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23028000" comment="kernel.randomize_va_space setting in kernel is 2" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258170" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271768" version="1" class="compliance">
           <metadata>
-            <title>The operating system must write audit records to disk.</title>
+            <title>The operating system must enable hardening for the Berkeley Packet Filter Just-in-time compiler.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25817000" comment="/etc/audit/auditd.conf: write_logs = yes" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:24455400" comment="net.core.bpf_jit_harden is set to 2" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258175" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271864" version="1" class="compliance">
           <metadata>
-            <title>The operating system audispd-plugins package must be installed.</title>
+            <title>The operating system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.linux:tst:25817500" comment="audispd-plugins package is installed" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:24455300" comment="net.ipv4.conf.all.accept_redirects setting in kernel to 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258211" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271865" version="1" class="compliance">
           <metadata>
-            <title>Successful/unsuccessful uses of the init command in the operating system must generate an audit record.</title>
+            <title>The operating system must not forward IPv4 source-routed packets.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821100" comment="Audit invocations of /usr/sbin/init" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25795900" comment="net.ipv4.conf.all.accept_source_routesetting in kernel is set to 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258212" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271866" version="1" class="compliance">
           <metadata>
-            <title>Successful/unsuccessful uses of the poweroff command in the operating system must generate an audit record.</title>
+            <title>The operating system must log IPv4 packets with impossible addresses.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821200" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25796000" comment="net.ipv4.conf.all.log_martians setting in kernel set to 1" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258213" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271867" version="1" class="compliance">
           <metadata>
-            <title>Successful/unsuccessful uses of the reboot command in the operating system must generate an audit record.</title>
+            <title>The operating system must log IPv4 packets with impossible addresses by default.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821300" comment="Audit invocations of /usr/sbin/reboot" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25796100" comment="net.ipv4.conf.default.log_martians setting in kernel is 1" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258214" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271868" version="1" class="compliance">
           <metadata>
-            <title>Successful/unsuccessful uses of the shutdown command in the operating system must generate an audit record.</title>
+            <title>The operating system must use reverse path filtering on all IPv4 interfaces.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821400" comment="Audit invocations of /usr/sbin/shutdown" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:27186800" comment="net.ipv4.conf.all.rp_filter setting in kernel is 1" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258215" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271869" version="1" class="compliance">
           <metadata>
-            <title>Successful/unsuccessful uses of the umount system call in the operating system must generate an audit record.</title>
+            <title>The operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title>
             <description />
           </metadata>
-          <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821500" comment="Audit 32-bit invocations of umount syscall" />
+          <criteria operator="AND">
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:24455000" comment="net.ipv4.conf.default.accept_redirects setting in kernel is 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258216" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271870" version="1" class="compliance">
           <metadata>
-            <title>Successful/unsuccessful uses of the umount2 system call in the operating system must generate an audit record.</title>
+            <title>The operating system must not forward IPv4 source-routed packets by default.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821600" comment="Audit 32-bit invocations of umount2 syscall" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25821601" comment="Audit 64-bit invocations of umount2 syscall" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:24455200" comment="net.ipv4.conf.default.accept_source_route setting in kernel is 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258224" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271871" version="1" class="compliance">
           <metadata>
-            <title>The operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock.</title>
+            <title>The operating system must use a reverse-path filter for IPv4 network traffic, when possible, by default.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25822400" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:20461100" comment="net.ipv4.conf.default.rp_filter setting in kernel is set to 1" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258227" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271872" version="1" class="compliance">
           <metadata>
-            <title>The operating system must take appropriate action when a critical audit processing failure occurs.</title>
+            <title>The operating system must not enable IPv4 packet forwarding unless the system is a router.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25822700" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25797000" comment="net.ipv4.conf.all.forwarding setting in kernel is 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258232" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271873" version="1" class="compliance">
           <metadata>
-            <title>The operating system IP tunnels must use FIPS 140-2/140-3 approved cryptographic algorithms.</title>
+            <title>The operating system must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title>
             <description />
           </metadata>
-          <criteria operator="OR">
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25823200" comment="ipsec.conf includes crypto-policy" />
-            <criteria>
-              <criterion test_ref="oval:mil.disa.stig.ind:tst:25823201" comment="ipsec.conf includes /etc/ipsec.d/*.conf" />
-              <criterion test_ref="oval:mil.disa.stig.ind:tst:25823202" comment="/etc/ipsec.d/*.conf includes crypto-policy" />
-            </criteria>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23053700" comment="net.ipv4.icmp_echo_ignore_broadcasts is set to 1 in kernel" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258234" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271874" version="1" class="compliance">
           <metadata>
-            <title>The operating system must have the crypto-policies package installed.</title>
+            <title>The operating system must limit the number of bogus Internet Control Message Protocol (ICMP) response errors logs.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.linux:tst:25823400" comment="crypto-policies package is installed" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25796700" comment="net.ipv4.icmp_ignore_bogus_error_responses setting in kernel is 1" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258236" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271875" version="1" class="compliance">
           <metadata>
-            <title>The operating system crypto policy must not be overridden.</title>
+            <title>The operating system must not send Internet Control Message Protocol (ICMP) redirects.</title>
             <description />
           </metadata>
-          <criteria operator="AND">
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823600" comment="bind" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823601" comment="gnutls" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823602" comment="java" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823603" comment="javasystem" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823604" comment="krb5" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823605" comment="libreswan" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823606" comment="libssh" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823607" comment="nss" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823608" comment="openssh" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823609" comment="opensshserver" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823610" comment="opensslcnf" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:25823611" comment="openssl" />
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23053600" comment="net.ipv4.conf.all.send_redirects setting in kernel is 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:258242" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271876" version="1" class="compliance">
           <metadata>
-            <title>The operating system must implement DOD-approved encryption in the bind package.</title>
+            <title>The operating system must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:25824201" comment="named.conf includes crypto-policy" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054300" comment="net.ipv4.conf.default.send_redirects is set to 0 in kernel" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:260487" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271877" version="1" class="compliance">
           <metadata>
-            <title>The operating system library directories must have mode 0755 or less permissive.</title>
+            <title>The operating system must not accept router advertisements on all IPv6 interfaces.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:26048700" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:26048701" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:26048702" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:26048703" />
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:26048704" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25797100" comment="net.ipv6.conf.all.accept_ra setting in kernel is set to 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:270175" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271878" version="1" class="compliance">
           <metadata>
-            <title>The operating system "/etc/audit/" must be owned by root.</title>
+            <title>The operating system must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:27017500" comment="/etc/audit directory is owned by root" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054400" comment="net.ipv6.conf.all.accept_redirects setting in kernel is 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:270176" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271879" version="1" class="compliance">
           <metadata>
-            <title>The operating system "/etc/audit/" must be group-owned by root.</title>
+            <title>The operating system must not forward IPv6 source-routed packets.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.unix:tst:27017600" comment="/etc/audit directory is group-owned by root" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23053800" comment="net.ipv6.conf.all.accept_source_route setting in kernel is 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:270177" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271880" version="1" class="compliance">
           <metadata>
-            <title>The operating system SSH client must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections.</title>
+            <title>The operating system must not enable IPv6 packet forwarding unless the system is a router.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:27017700" comment="openssh.config ciphers correct" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23054000" comment="net.ipv6.conf.all.forwarding setting in kernel is 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:270178" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271881" version="1" class="compliance">
           <metadata>
-            <title>The operating system SSH client must be configured to use only DOD-approved Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections.</title>
+            <title>The operating system must not accept router advertisements on all IPv6 interfaces by default.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:27017800" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:25312000" comment="net.ipv6.conf.default.accept_ra setting in kernel is 0" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:270180" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271882" version="1" class="compliance">
           <metadata>
-            <title>The operating system fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.</title>
+            <title>The operating system must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:27018000" comment="/etc/fapolicyd/fapolicyd.conf: permissive = 0" />
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:27018001" comment="/etc/fapolicyd/compiled.rules: deny all" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23053500" comment="net.ipv6.conf.default.accept_redirects is set to 0 in kernel" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.defs:def:271720" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.defs:def:271884" version="2" class="compliance">
           <metadata>
-            <title>The operating system must not allow users to override SSH environment variables.</title>
+            <title>The operating system must be configured to use TCP syncookies.</title>
             <description />
           </metadata>
           <criteria>
-            <criterion test_ref="oval:mil.disa.stig.ind:tst:27172000" comment="Check to see if PermitUserEnvironment is set to no in /etc/ssh/sshd_config and /etc/ssh/sshd_config.d/*.conf" />
+            <criterion test_ref="oval:mil.disa.stig.unix:tst:23833300" comment="net.ipv4.tcp_syncookies setting in kernel to 1" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.defs:def:272488" version="1" class="compliance">
@@ -20615,6 +20468,15 @@ Remove any configurations that conflict with the above from the following locati
             <criterion test_ref="oval:mil.disa.stig.linux:tst:23055000" comment="The postifx package is installed." />
           </criteria>
         </definition>
+        <definition id="oval:mil.disa.stig.defs:def:25795200" version="1" class="compliance">
+          <metadata>
+            <title>The Trivial File Transfer Protocol (TFTP) server package is installed.</title>
+            <description />
+          </metadata>
+          <criteria>
+            <criterion test_ref="oval:mil.disa.stig.linux:tst:25795201" comment="The tftp-server package is installed." />
+          </criteria>
+        </definition>
         <definition id="oval:mil.disa.stig.defs:def:25823200" version="1" class="inventory">
           <metadata>
             <title>The libreswan package is installed.</title>
@@ -20916,7 +20778,7 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230468" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257797" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257797" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-213010 - RHEL 9 must restrict access to the kernel message buffer.</title>
             <affected family="unix">
@@ -20933,10 +20795,10 @@ Restricting access to the kernel message buffer limits access to only root. This
 Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230269" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:248579" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257798" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257798" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-213015 - RHEL 9 must prevent kernel profiling by nonprivileged users.</title>
             <affected family="unix">
@@ -20953,7 +20815,7 @@ Setting the kernel.perf_event_paranoid kernel parameter to "2" prevents attacker
 Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230270" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:248580" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:257799" version="1" class="compliance">
@@ -20986,7 +20848,7 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000433-GPOS-00192, SRG-OS-000480-GPO
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257800" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257801" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257801" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-213030 - RHEL 9 must enable kernel parameters to enforce discretionary access control on hardlinks.</title>
             <affected family="unix">
@@ -20997,10 +20859,10 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000433-GPOS-00192, SRG-OS-000480-GPO
 Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230268" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:248578" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257802" version="2" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257802" version="3" class="compliance">
           <metadata>
             <title>RHEL-09-213035 - RHEL 9 must enable kernel parameters to enforce discretionary access control on symlinks.</title>
             <affected family="unix">
@@ -21011,7 +20873,7 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125</description>
 Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257802" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:248577" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:257803" version="1" class="compliance">
@@ -21094,7 +20956,7 @@ The Transparent Inter Process Communication (TIPC) is a protocol that is special
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230497" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257809" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257809" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-213070 - RHEL 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</title>
             <affected family="unix">
@@ -21105,10 +20967,10 @@ The Transparent Inter Process Communication (TIPC) is a protocol that is special
 Satisfies: SRG-OS-000433-GPOS-00193, SRG-OS-000480-GPOS-00227</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230280" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271761" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257810" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257810" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-213075 - RHEL 9 must disable access to network bpf system call from nonprivileged processes.</title>
             <affected family="unix">
@@ -21119,7 +20981,7 @@ Satisfies: SRG-OS-000433-GPOS-00193, SRG-OS-000480-GPOS-00227</description>
 Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230545" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271748" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:257811" version="2" class="compliance">
@@ -21186,7 +21048,7 @@ Enabling core dumps on production systems is not recommended; however, there may
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230312" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257816" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257816" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-213105 - RHEL 9 must disable the use of user namespaces.</title>
             <affected family="unix">
@@ -21195,7 +21057,7 @@ Enabling core dumps on production systems is not recommended; however, there may
             <description>User namespaces are used primarily for Linux containers. The value "0" disallows the use of user namespaces.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230548" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271727" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:257818" version="1" class="compliance">
@@ -21408,18 +21270,20 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227</description>
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230561" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257835" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257835" version="2" class="compliance">
           <metadata>
-            <title>RHEL-09-215060 - RHEL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.</title>
+            <title>RHEL-09-215060 - The Trivial File Transfer Protocol (TFTP) server must not be installed unless it is required, and if required, the RHEL 9 TFTP daemon must be configured to operate in secure mode.</title>
             <affected family="unix">
               <platform>Red Hat Enterprise Linux 9</platform>
             </affected>
             <description>Removing the "tftp-server" package decreases the risk of the accidental (or intentional) activation of tftp services.
 
-If TFTP is required for operational support (such as transmission of router configurations), its use must be documented with the information systems security manager (ISSM), restricted to only authorized personnel, and have access control rules established.</description>
+If TFTP is required for operational support (such as transmission of router configurations), its use must be documented with the information systems security manager (ISSM), restricted to only authorized personnel, and have access control rules established.
+
+Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230533" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257835" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:257836" version="1" class="compliance">
@@ -22618,7 +22482,7 @@ If the system is being used to perform a network troubleshooting function, the u
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230554" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257942" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257942" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-251045 - RHEL 9 must enable hardening for the Berkeley Packet Filter just-in-time compiler.</title>
             <affected family="unix">
@@ -22627,7 +22491,7 @@ If the system is being used to perform a network troubleshooting function, the u
             <description>When hardened, the extended Berkeley Packet Filter (BPF) just-in-time (JIT) compiler will randomize any kernel addresses in the BPF programs and maps, and will not expose the JIT addresses in "/proc/kallsyms".</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:244554" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271768" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:257943" version="1" class="compliance">
@@ -22772,7 +22636,7 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061</description>
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230284" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257957" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257957" version="3" class="compliance">
           <metadata>
             <title>RHEL-09-253010 - RHEL 9 must be configured to use TCP syncookies.</title>
             <affected family="unix">
@@ -22785,10 +22649,10 @@ Managing excess capacity ensures that sufficient capacity is available to counte
 Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPOS-00071</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:238333" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271884" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257958" version="2" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257958" version="3" class="compliance">
           <metadata>
             <title>RHEL-09-253015 - RHEL 9 must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.</title>
             <affected family="unix">
@@ -22799,10 +22663,10 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPO
 This feature of the IPv4 protocol has few legitimate uses. It should be disabled unless absolutely required.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257958" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271864" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257959" version="2" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257959" version="3" class="compliance">
           <metadata>
             <title>RHEL-09-253020 - RHEL 9 must not forward Internet Protocol version 4 (IPv4) source-routed packets.</title>
             <affected family="unix">
@@ -22813,10 +22677,10 @@ This feature of the IPv4 protocol has few legitimate uses. It should be disabled
 Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It must be disabled unless it is absolutely required.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257959" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271865" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257960" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257960" version="3" class="compliance">
           <metadata>
             <title>RHEL-09-253025 - RHEL 9 must log IPv4 packets with impossible addresses.</title>
             <affected family="unix">
@@ -22825,10 +22689,10 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
             <description>The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257960" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271866" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257961" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257961" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-253030 - RHEL 9 must log IPv4 packets with impossible addresses by default.</title>
             <affected family="unix">
@@ -22837,10 +22701,10 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
             <description>The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257961" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271867" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257962" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257962" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-253035 - RHEL 9 must use reverse path filtering on all IPv4 interfaces.</title>
             <affected family="unix">
@@ -22849,10 +22713,10 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
             <description>Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230549" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271868" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257963" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257963" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-253040 - RHEL 9 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title>
             <affected family="unix">
@@ -22863,10 +22727,10 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
 This feature of the IPv4 protocol has few legitimate uses. It must be disabled unless absolutely required.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:244550" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271869" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257964" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257964" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-253045 - RHEL 9 must not forward IPv4 source-routed packets by default.</title>
             <affected family="unix">
@@ -22877,10 +22741,10 @@ This feature of the IPv4 protocol has few legitimate uses. It must be disabled u
 Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It must be disabled unless it is absolutely required, such as when IPv4 forwarding is enabled and the system is legitimately functioning as a router.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:244552" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271870" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257965" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257965" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-253050 - RHEL 9 must use a reverse-path filter for IPv4 network traffic when possible by default.</title>
             <affected family="unix">
@@ -22889,10 +22753,10 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
             <description>Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:204611" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271871" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257966" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257966" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-253055 - RHEL 9 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title>
             <affected family="unix">
@@ -22903,10 +22767,10 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
 Ignoring ICMP echo requests (pings) sent to broadcast or multicast addresses makes the system slightly more difficult to enumerate on the network.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230537" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271873" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257967" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257967" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-253060 - RHEL 9 must limit the number of bogus Internet Control Message Protocol (ICMP) response errors logs.</title>
             <affected family="unix">
@@ -22915,10 +22779,10 @@ Ignoring ICMP echo requests (pings) sent to broadcast or multicast addresses mak
             <description>Some routers will send responses to broadcast frames that violate RFC-1122, which fills up a log file system with many useless error messages. An attacker may take advantage of this and attempt to flood the logs with bogus error logs. Ignoring bogus ICMP error responses reduces log size, although some activity would not be logged.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257967" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271874" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257968" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257968" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-253065 - RHEL 9 must not send Internet Control Message Protocol (ICMP) redirects.</title>
             <affected family="unix">
@@ -22929,10 +22793,10 @@ Ignoring ICMP echo requests (pings) sent to broadcast or multicast addresses mak
 The ability to send ICMP redirects is only appropriate for systems acting as routers.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230536" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271875" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257969" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257969" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-253070 - RHEL 9 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</title>
             <affected family="unix">
@@ -22943,10 +22807,10 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou
 The ability to send ICMP redirects is only appropriate for systems acting as routers.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230543" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271876" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257970" version="2" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257970" version="3" class="compliance">
           <metadata>
             <title>RHEL-09-253075 - RHEL 9 must not enable IPv4 packet forwarding unless the system is a router.</title>
             <affected family="unix">
@@ -22955,10 +22819,10 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou
             <description>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this capability is used when not required, system network information may be unnecessarily transmitted across the network.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257970" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271872" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257971" version="2" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257971" version="3" class="compliance">
           <metadata>
             <title>RHEL-09-254010 - RHEL 9 must not accept router advertisements on all IPv6 interfaces.</title>
             <affected family="unix">
@@ -22967,10 +22831,10 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou
             <description>An illicit router advertisement message could result in a man-in-the-middle attack.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257971" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271877" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257972" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257972" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-254015 - RHEL 9 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</title>
             <affected family="unix">
@@ -22979,10 +22843,10 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou
             <description>An illicit ICMP redirect message could result in a man-in-the-middle attack.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230544" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271878" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257973" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257973" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-254020 - RHEL 9 must not forward IPv6 source-routed packets.</title>
             <affected family="unix">
@@ -22991,10 +22855,10 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou
             <description>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230538" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271879" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257974" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257974" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-254025 - RHEL 9 must not enable IPv6 packet forwarding unless the system is a router.</title>
             <affected family="unix">
@@ -23003,10 +22867,10 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou
             <description>IP forwarding permits the kernel to forward packets from one network interface to another. The ability to forward packets between two networks is only appropriate for systems acting as routers.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230540" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271880" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257975" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257975" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-254030 - RHEL 9 must not accept router advertisements on all IPv6 interfaces by default.</title>
             <affected family="unix">
@@ -23015,10 +22879,10 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou
             <description>An illicit router advertisement message could result in a man-in-the-middle attack.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230542" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271881" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257976" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257976" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-254035 - RHEL 9 must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title>
             <affected family="unix">
@@ -23027,10 +22891,10 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou
             <description>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230535" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271882" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257977" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257977" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-254040 - RHEL 9 must not forward IPv6 source-routed packets by default.</title>
             <affected family="unix">
@@ -23041,7 +22905,7 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou
 Accepting source-routed packets in the IPv6 protocol has few legitimate uses. It must be disabled unless it is absolutely required.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230539" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:248882" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:257978" version="1" class="compliance">
@@ -23254,7 +23118,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000033-GPOS-00014, SRG-OS-000424-GPO
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230527" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:257995" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:257995" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-255095 - RHEL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.</title>
             <affected family="unix">
@@ -23269,7 +23133,7 @@ RHEL 9 utilizes /etc/ssh/sshd_config for configurations of OpenSSH. Within the s
 Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPOS-00109</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230244" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:271709" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:257996" version="2" class="compliance">
@@ -23510,20 +23374,6 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:258015" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:258017" version="1" class="compliance">
-          <metadata>
-            <title>RHEL-09-271035 - RHEL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function.</title>
-            <affected family="unix">
-              <platform>Red Hat Enterprise Linux 9</platform>
-            </affected>
-            <description>Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.
-
-Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227</description>
-          </metadata>
-          <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:258017" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:258018" version="1" class="compliance">
           <metadata>
             <title>RHEL-09-271040 - RHEL 9 must not allow unattended or automatic logon via the graphical user interface.</title>
@@ -23586,20 +23436,6 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011</description>
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:244539" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:258023" version="2" class="compliance">
-          <metadata>
-            <title>RHEL-09-271065 - RHEL 9 must automatically lock graphical user sessions after 15 minutes of inactivity.</title>
-            <affected family="unix">
-              <platform>Red Hat Enterprise Linux 9</platform>
-            </affected>
-            <description>A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, the GNOME desktop can be configured to identify when a user's session has idled and take action to initiate a session lock.
-
-Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012</description>
-          </metadata>
-          <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:258023" />
-          </criteria>
-        </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:258024" version="1" class="compliance">
           <metadata>
             <title>RHEL-09-271070 - RHEL 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface.</title>
@@ -24060,19 +23896,7 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227</description>
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:258075" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:258076" version="1" class="compliance">
-          <metadata>
-            <title>RHEL-09-412075 - RHEL 9 must display the date and time of the last successful account logon upon logon.</title>
-            <affected family="unix">
-              <platform>Red Hat Enterprise Linux 9</platform>
-            </affected>
-            <description>Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators.</description>
-          </metadata>
-          <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230381" />
-          </criteria>
-        </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:258077" version="2" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:258077" version="3" class="compliance">
           <metadata>
             <title>RHEL-09-412080 - RHEL 9 must terminate idle user sessions.</title>
             <affected family="unix">
@@ -24081,7 +23905,7 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227</description>
             <description>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:258077" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:257258" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:258078" version="1" class="compliance">
@@ -24268,7 +24092,7 @@ Satisfies: SRG-OS-000370-GPOS-00155, SRG-OS-000368-GPOS-00154</description>
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:244545" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:258091" version="1" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:258091" version="2" class="compliance">
           <metadata>
             <title>RHEL-09-611010 - RHEL 9 must ensure the password complexity module in the system-auth file is configured for three retries or less.</title>
             <affected family="unix">
@@ -24278,12 +24102,12 @@ Satisfies: SRG-OS-000370-GPOS-00155, SRG-OS-000368-GPOS-00154</description>
 
 RHEL 9 uses "pwquality" as a mechanism to enforce password complexity. This is set in both:
 /etc/pam.d/password-auth
-/etc/pam.d/system-auth
+/etc/security/pwquality.conf
 
 By limiting the number of attempts to meet the pwquality module complexity requirements before returning with an error, the system will audit abnormal attempts at password changes.</description>
           </metadata>
           <criteria>
-            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:251714" />
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:258091" />
           </criteria>
         </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:258094" version="1" class="compliance">
@@ -24499,13 +24323,13 @@ The DOD minimum password requirement is 15 characters.</description>
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230357" />
           </criteria>
         </definition>
-        <definition id="oval:mil.disa.stig.rhel9os:def:258112" version="3" class="compliance">
+        <definition id="oval:mil.disa.stig.rhel9os:def:258112" version="4" class="compliance">
           <metadata>
             <title>RHEL-09-611115 - RHEL 9 must require the change of at least eight characters when passwords are changed.</title>
             <affected family="unix">
               <platform>Red Hat Enterprise Linux 9</platform>
             </affected>
-            <description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute–force attacks. 
+            <description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute force attacks. 
 
 Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised. Requiring a minimum number of different characters during password changes ensures that newly changed passwords will not resemble previously compromised ones. Note that passwords changed on compromised systems will still be compromised.</description>
           </metadata>
@@ -26189,6 +26013,20 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
             <extend_definition definition_ref="oval:mil.disa.stig.defs:def:230402" />
           </criteria>
         </definition>
+        <definition id="oval:mil.disa.stig.rhel9os:def:258230" version="2" class="compliance">
+          <metadata>
+            <title>RHEL-09-672582300 - RHEL 9 must enable FIPS mode.</title>
+            <affected family="unix">
+              <platform>Red Hat Enterprise Linux 9</platform>
+            </affected>
+            <description>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. This includes NIST FIPS-validated cryptography for the following: Provisioning digital signatures, generating cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
+
+Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223</description>
+          </metadata>
+          <criteria>
+            <extend_definition definition_ref="oval:mil.disa.stig.defs:def:258230" />
+          </criteria>
+        </definition>
         <definition id="oval:mil.disa.stig.rhel9os:def:258231" version="1" class="compliance">
           <metadata>
             <title>RHEL-09-671015 - RHEL 9 must employ FIPS 140-3 approved cryptographic hashing algorithms for all stored passwords.</title>
@@ -26417,10 +26255,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:20441701" />
           <state state_ref="oval:mil.disa.stig.ind:ste:20441701" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:20461100" version="2" check="all" comment="net.ipv4.conf.default.rp_filter setting in sysctl configuration files is set to 1">
-          <object object_ref="oval:mil.disa.stig.ind:obj:20461102" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23023100" version="1" check_existence="at_least_one_exists" check="all" comment="/etc/login.defs:ENCRYPT_METHOD &gt;= SHA512">
           <object object_ref="oval:mil.disa.stig.ind:obj:23023100" />
           <state state_ref="oval:mil.disa.stig.ind:ste:23023100" />
@@ -26439,10 +26273,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:23024001" />
           <state state_ref="oval:mil.disa.stig.ind:ste:23024001" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23024400" version="1" check_existence="at_least_one_exists" check="all" comment="/etc/ssh/sshd_config:ClientAliveCountMax = 1">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23024400" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23026400" version="1" check_existence="all_exist" check="all" comment="Every /etc/yum.repos.d/*.repo:[{reponame}] has a gpgcheck set to 1.">
           <object object_ref="oval:mil.disa.stig.ind:obj:23026400" />
           <state state_ref="oval:mil.disa.stig.ind:ste:23026400" />
@@ -26459,22 +26289,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:23026603" />
           <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23026701" version="1" check_existence="at_least_one_exists" check="all" comment="fs.protected_symlinks setting in sysctl configuration files is set to 1, and nothing else, and there are no conflicting settings in other files">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23026703" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23026801" version="3" check_existence="at_least_one_exists" check="all" comment="fs.protected_hardlinks setting in /etc/sysctl.d/99-sysctl.conf is set to 1, and nothing else, and there are no conflicting settings in other files">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23026803" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:23026801" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23026900" version="3" check_existence="at_least_one_exists" check="all" comment="kernel.dmesg_restrict setting in system sysctl configuration files is set to 1">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23026902" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23027001" version="1" check_existence="at_least_one_exists" check="all" comment="kernel.perf_event_paranoid setting in /etc/sysctl.d/99-*.conf is set to 2, and nothing else, and there are no conflicting settings in other files">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23027003" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000004" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23027100" version="1" check_existence="none_exist" check="all" comment="'NOPASSWD' does not exist in /etc/sudoers">
           <object object_ref="oval:mil.disa.stig.ind:obj:23027100" />
         </textfilecontent54_test>
@@ -26497,10 +26311,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:25779301" />
           <state state_ref="oval:mil.disa.stig.ind:ste:23027900" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23028000" version="2" check_existence="at_least_one_exists" check="all" comment="kernel.randomize_va_space setting in admin sysctl configuration files is set to 2">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23028002" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000004" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23028100" version="1" check="all" comment="/etc/dnf/dnf.conf: clean_requirements_on_remove is set to True, 1 or yes">
           <object object_ref="oval:mil.disa.stig.ind:obj:23028100" />
         </textfilecontent54_test>
@@ -26529,7 +26339,7 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:23030001" />
           <state state_ref="oval:mil.disa.stig.ind:ste:2303001" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23030101" version="1" check_existence="any_exist" check="all" comment="Device files are configured in /etc/fstab to use the nodev option.  Mounts on '/' are ignored.">
+        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23030101" version="2" check_existence="any_exist" check="all" comment="Device files are configured in /etc/fstab to use the nodev option.  Mounts on '/', and vfat mounts, are ignored.">
           <object object_ref="oval:mil.disa.stig.ind:obj:23030101" />
           <state state_ref="oval:mil.disa.stig.ind:ste:23030100" />
         </textfilecontent54_test>
@@ -26545,10 +26355,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:25785400" />
           <state state_ref="oval:mil.disa.stig.ind:ste:23030800" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23031100" version="2" check_existence="at_least_one_exists" check="all" comment="kernel.core_pattern setting in sysctl configuration files is set to |/bin/false">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23031102" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:23031100" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23031300" version="2" check="all" comment="For the global domain, core is set to 0.">
           <object object_ref="oval:mil.disa.stig.ind:obj:23031300" />
           <state state_ref="oval:mil.disa.stig.ind:ste:23031300" />
@@ -26685,12 +26491,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:23037800" />
           <state state_ref="oval:mil.disa.stig.ind:ste:23037800" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23038100" version="1" check="all" comment="pam_lastlog is configured to show last successful logon">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23038100" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23038101" version="7" check_existence="none_exist" check="none satisfy" comment="pam_lastlog is not used with the silent option">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23038101" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23038200" version="1" check_existence="at_least_one_exists" check="all" comment="/etc/ssh/sshd_config:PrintLastLog == yes">
           <object object_ref="oval:mil.disa.stig.ind:obj:23038200" />
           <state state_ref="oval:mil.disa.stig.ind:ste:20000016" />
@@ -27210,55 +27010,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:23052701" />
           <state state_ref="oval:mil.disa.stig.ind:ste:23052700" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23053500" version="1" check="all" comment="net.ipv6.conf.default.accept_redirects is set to 0 in the sysctl configuration files.">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23053502" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23053600" version="2" check_existence="at_least_one_exists" check="all" comment="net.ipv4.conf.all.send_redirects setting in sysctl configuration files is set to 0">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23053602" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23053700" version="1" check="all" comment="net.ipv4.icmp_echo_ignore_broadcasts is set to 1 in the sysctl configuration files.">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23053702" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23053801" version="1" check_existence="at_least_one_exists" check="all" comment="net.ipv6.conf.all.accept_source_route setting in /etc/sysctl.d/99-sysctl.conf is set to 0, and nothing else">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23053801" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23053903" version="3" check_existence="at_least_one_exists" check="all" comment="net.ipv6.conf.default.accept_source_route setting in /etc/sysctl.d/99-sysctl.conf is set to 0, and nothing else">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23053903" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23054000" version="4" check_existence="at_least_one_exists" check="all" comment="net.ipv6.conf.all.forwarding setting in sysctl configuration files is set to 0">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23054002" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23054301" version="2" check="all" comment="net.ipv4.conf.default.send_redirects is set to 0 in the sysctl configuration files.">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23054303" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23054401" version="1" check_existence="at_least_one_exists" check="all" comment="net.ipv6.conf.all.accept_redirects setting in sysctl configuration files is set to 0, and nothing else">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23054403" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23054501" version="1" check="all" comment="kernel.unprivileged_bpf_disabled is set to 1, and nothing else, and there are no conflicting settings in other files">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23054501" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23054601" version="1" check="all" comment="kernel.yama.ptrace_scope in sysctl configuration files is set to 1, and nothing else, and there are no conflicting settings in other files">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23054603" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23054801" version="1" check="all" comment="user.max_user_namespaces is set to 0 in the sysctl configuration files.">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23054803" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23054900" version="3" check_existence="at_least_one_exists" check="all" state_operator="OR" comment="net.ipv4.conf.all.rp_filter setting in sysctl configuration files is set to 1 or 2">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23054900" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000004" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23055001" version="1" check="all" comment="/etc/postfix/main.cf: smtpd_client_restrictions = permit_mynetworks,reject">
           <object object_ref="oval:mil.disa.stig.ind:obj:23055001" />
         </textfilecontent54_test>
@@ -27307,10 +27058,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23827800" version="1" check_existence="all_exist" check="all" comment="Audit invocations of /usr/bin/sudoedit">
           <object object_ref="oval:mil.disa.stig.ind:obj:23827800" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:23833301" version="1" check_existence="at_least_one_exists" check="all" comment="net.ipv4.tcp_syncookies setting in sysctl configuration files is set to 1">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23833301" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:24451900" version="1" check_existence="all_exist" check="all" comment="/etc/dconf/db/local.d/*/banner-message-enable is set to true">
           <object object_ref="oval:mil.disa.stig.ind:obj:24451900" />
           <state state_ref="oval:mil.disa.stig.ind:ste:20000001" />
@@ -27347,24 +27094,15 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:24454300" />
           <state state_ref="oval:mil.disa.stig.ind:ste:24454300" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:24455001" version="1" check_existence="at_least_one_exists" check="all" comment="net.ipv4.conf.default.accept_redirects setting in a configuration file in an acceptable directory is set to 0, and nothing else, and no conflicting configurations are in the files">
-          <object object_ref="oval:mil.disa.stig.ind:obj:24455003" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:24455201" version="1" check_existence="at_least_one_exists" check="all" comment="net.ipv4.conf.default.accept_source_route setting in acceptable directory is set to 0, and nothing else, and there are no conflicting settings in other files">
-          <object object_ref="oval:mil.disa.stig.ind:obj:24455203" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:24455401" version="1" check="all" comment="net.core.bpf_jit_harden is set to 2 in the sysctl configuration files.">
-          <object object_ref="oval:mil.disa.stig.ind:obj:24455401" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000004" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:24877400" version="1" check_existence="all_exist" check="all" comment="Audit 32-bit invocations of the rmdir">
           <object object_ref="oval:mil.disa.stig.ind:obj:24877400" />
         </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:24877401" version="1" check_existence="all_exist" check="all" comment="Audit 64-bit invocations of the rmdir">
           <object object_ref="oval:mil.disa.stig.ind:obj:24877401" />
         </textfilecontent54_test>
+        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:24890200" version="1" check="all" comment="/usr/lib/systemd/system/tftp.service: ExecStart has a -s option with a subdirectory assigned">
+          <object object_ref="oval:mil.disa.stig.ind:obj:24890200" />
+        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25170600" version="1" check_existence="none_exist" check="all" comment="There are no accounts in /etc/shadow that have blank password fields.">
           <object object_ref="oval:mil.disa.stig.ind:obj:25170600" />
         </textfilecontent54_test>
@@ -27372,10 +27110,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:25171300" />
           <state state_ref="oval:mil.disa.stig.ind:ste:25171300" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25171400" version="1" check_existence="at_least_one_exists" check="all" comment="/etc/pam.d/system-auth:retry not greater than 3 and not 0">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25171400" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000018" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25299700" version="4" check_existence="all_exist" check="all" comment="Audit 32-bit invocations of rename">
           <object object_ref="oval:mil.disa.stig.ind:obj:25299700" />
         </textfilecontent54_test>
@@ -27460,16 +27194,12 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25303803" version="1" check="all" comment="Audit 64-bit invocations of the removexattr system call by root user.">
           <object object_ref="oval:mil.disa.stig.ind:obj:25303803" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25312001" version="1" check_existence="at_least_one_exists" check="all" comment="net.ipv6.conf.default.accept_ra setting in the sysctl configuration files is set to 0, and nothing else">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25312003" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
+        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25725800" version="1" check="all" comment="The system terminates idle user sessions.">
+          <object object_ref="oval:mil.disa.stig.ind:obj:25725800" />
+          <state state_ref="oval:mil.disa.stig.ind:ste:25725800" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25777700" version="2" check_existence="at_least_one_exists" check="all" state_operator="OR" comment="The RHEL 9 minor version is supported.">
+        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25777700" version="3" check_existence="at_least_one_exists" check="all" state_operator="OR" comment="The RHEL 9 minor version is supported.">
           <object object_ref="oval:mil.disa.stig.ind:obj:25777700" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000004" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000006" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000007" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000008" />
           <state state_ref="oval:mil.disa.stig.ind:ste:20000009" />
           <state state_ref="oval:mil.disa.stig.ind:ste:20000010" />
           <state state_ref="oval:mil.disa.stig.ind:ste:20000011" />
@@ -27499,10 +27229,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:25779301" />
           <state state_ref="oval:mil.disa.stig.ind:ste:25779300" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25780001" version="1" check_existence="at_least_one_exists" check="all" comment="kernel.kptr_restrict is set to 1 in the sysctl configuration files, and no conflicting configs exist.">
-          <object object_ref="oval:mil.disa.stig.ind:obj:23054703" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:23054701" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25780400" version="2" check="all" comment="/etc/modprobe.conf contains a file that contains 'install atm /bin/false'">
           <object object_ref="oval:mil.disa.stig.ind:obj:25780400" />
         </textfilecontent54_test>
@@ -27542,37 +27268,9 @@ Privileged functions include, for example, establishing accounts, performing sys
           <state state_ref="oval:mil.disa.stig.ind:ste:25794902" />
           <state state_ref="oval:mil.disa.stig.ind:ste:25794903" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25794901" version="1" check_existence="at_least_one_exists" check="all" comment="DNS setting exists in NetworkManager.conf main section">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25794901" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:25794900" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25795800" version="1" check="all" comment="net.ipv4.conf.all.accept_redirects is set to 0 in the sysctl configuration files.">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25795800" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25795900" version="3" check="all" comment="net.ipv4.conf.all.accept_source_route setting in sysctl configuration files is set to 0">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25795902" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25796001" version="1" check_existence="at_least_one_exists" check="all" comment="net.ipv4.conf.all.log_martians setting in sysctl configuration files is set to 1">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25796001" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25796100" version="2" check_existence="at_least_one_exists" check="all" comment="net.ipv4.conf.default.log_martians setting in sysctl configuration files is set to 1">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25796102" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25796700" version="2" check_existence="at_least_one_exists" check="all" comment="net.ipv4.icmp_ignore_bogus_error_responses setting in sysctl configuration files is set to 1">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25796702" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25797001" version="1" check_existence="at_least_one_exists" check="all" comment="net.ipv4.conf.all.forwarding setting in acceptable directory is set to 0, and nothing else, and there are no conflicting settings in other files">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25797003" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
-        </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25797100" version="2" check="all" comment="net.ipv6.conf.all.accept_ra setting in sysctl configuration files is set to 0">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25797102" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:20000002" />
+        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25794901" version="1" check_existence="at_least_one_exists" check="all" comment="DNS setting exists in NetworkManager.conf main section">
+          <object object_ref="oval:mil.disa.stig.ind:obj:25794901" />
+          <state state_ref="oval:mil.disa.stig.ind:ste:25794900" />
         </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25798100" version="3" check_existence="at_least_one_exists" check="all" comment="/etc/ssh/sshd_config:banner == /etc/issue">
           <object object_ref="oval:mil.disa.stig.ind:obj:25798102" />
@@ -27662,21 +27360,9 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25801700" version="4" check_existence="at_least_one_exists" check="all" comment="check that /etc/dconf/profile/user:system-db is at minimum set to local">
           <object object_ref="oval:mil.disa.stig.ind:obj:25801700" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25801701" version="1" check_existence="at_least_one_exists" check="all" comment="Check that the automount setting is locked from nonprivileged user modification">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25801701" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25802000" version="1" check_existence="at_least_one_exists" check="all" comment="/org/gnome/settings-daemon/peripherals/smartcard/removal-action in dconf user database locks directories exists">
           <object object_ref="oval:mil.disa.stig.ind:obj:25802000" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25802300" version="1" check_existence="at_least_one_exists" check="at least one" comment="idle-delay exists">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25802300" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:25802300" />
-        </textfilecontent54_test>
-        <variable_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25802301" version="2" check_existence="at_least_one_exists" check="at least one" state_operator="OR" comment="idle-delay incorrect">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25802301" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:25802301" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:25802302" />
-        </variable_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25802600" version="1" check_existence="at_least_one_exists" check="all" comment="dconf user database(s) exist">
           <object object_ref="oval:mil.disa.stig.ind:obj:25802600" />
         </textfilecontent54_test>
@@ -27722,10 +27408,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:25807500" />
           <state state_ref="oval:mil.disa.stig.ind:ste:20000025" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25807700" version="1" check="all" comment="The system terminates idle user sessions.">
-          <object object_ref="oval:mil.disa.stig.ind:obj:25807700" />
-          <state state_ref="oval:mil.disa.stig.ind:ste:25807700" />
-        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25808600" version="1" check_existence="none_exist" check="all" comment="'!authenticate' does not exist in /etc/sudoers">
           <object object_ref="oval:mil.disa.stig.ind:obj:25808600" />
         </textfilecontent54_test>
@@ -27741,6 +27423,10 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25808800" version="1" check="all" comment="Users must be members of the wheel group to run the su command.">
           <object object_ref="oval:mil.disa.stig.ind:obj:25808800" />
         </textfilecontent54_test>
+        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25809100" version="1" check_existence="at_least_one_exists" check="all" comment="/etc/security/pwquality.conf:retry not greater than 3 and not 0">
+          <object object_ref="oval:mil.disa.stig.ind:obj:25809100" />
+          <state state_ref="oval:mil.disa.stig.ind:ste:20000018" />
+        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25809900" version="2" check="all" comment="The pam_unix module is included in password-auth and configured for 100000 or more rounds.">
           <object object_ref="oval:mil.disa.stig.ind:obj:25809900" />
           <state state_ref="oval:mil.disa.stig.ind:ste:25810000" />
@@ -27873,6 +27559,13 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25822700" version="1" check="all" comment="/etc/audit/audit.rules: -f 2 option is present">
           <object object_ref="oval:mil.disa.stig.ind:obj:25822700" />
         </textfilecontent54_test>
+        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25823000" version="1" check_existence="all_exist" check="all" comment="fips_enabled == 1">
+          <object object_ref="oval:mil.disa.stig.ind:obj:25823000" />
+          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
+        </textfilecontent54_test>
+        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25823001" version="1" check_existence="all_exist" check="all" comment="The system-wide crypto-policy is set to FIPS">
+          <object object_ref="oval:mil.disa.stig.ind:obj:25823001" />
+        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:25823200" version="1" check_existence="at_least_one_exists" check="at least one" comment="ipsec.conf includes crypto-policy">
           <object object_ref="oval:mil.disa.stig.ind:obj:25823200" />
           <state state_ref="oval:mil.disa.stig.ind:ste:25823200" />
@@ -27907,11 +27600,15 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.ind:obj:27018001" />
           <state state_ref="oval:mil.disa.stig.ind:ste:27018000" />
         </textfilecontent54_test>
+        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:27170900" version="1" check_existence="at_least_one_exists" check="all" comment="/etc/ssh/sshd_config:ClientAliveCountMax = 1">
+          <object object_ref="oval:mil.disa.stig.ind:obj:27170902" />
+          <state state_ref="oval:mil.disa.stig.ind:ste:20000003" />
+        </textfilecontent54_test>
         <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:27172000" version="1" check_existence="at_least_one_exists" check="all" comment="The PermitUserEnvironment option is not set to yes in /etc/ssh/sshd_config and /etc/ssh/sshd_config.d/*.conf.">
           <object object_ref="oval:mil.disa.stig.ind:obj:27172000" />
           <state state_ref="oval:mil.disa.stig.ind:ste:20000017" />
         </textfilecontent54_test>
-        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:27249600" version="1" check_existence="only_one_exists" check="all" comment="elevate the SELinux context when an administrator calls the sudo command">
+        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:tst:27249600" version="2" check_existence="at_least_one_exists" check="all" comment="elevate the SELinux context when an administrator calls the sudo command">
           <object object_ref="oval:mil.disa.stig.ind:obj:27249602" />
           <state state_ref="oval:mil.disa.stig.ind:ste:27249600" />
         </textfilecontent54_test>
@@ -27962,7 +27659,7 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.linux:obj:23030000" />
           <state state_ref="oval:mil.disa.stig.linux:ste:20000002" />
         </partition_test>
-        <partition_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:23030100" version="1" check_existence="any_exist" check="all" comment="Device files are mounted with the nodev option.  Mounts on '/' are ignored.">
+        <partition_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:23030100" version="2" check_existence="any_exist" check="all" comment="Device files are mounted with the nodev option.  Mounts on '/', and vfat mounts, are ignored.">
           <object object_ref="oval:mil.disa.stig.linux:obj:23030100" />
           <state state_ref="oval:mil.disa.stig.linux:ste:20000001" />
         </partition_test>
@@ -28071,9 +27768,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.linux:obj:23052200" />
           <state state_ref="oval:mil.disa.stig.linux:ste:20000000" />
         </partition_test>
-        <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:23053300" version="1" check_existence="none_exist" check="all" comment="The tftp-server package is absent.">
-          <object object_ref="oval:mil.disa.stig.linux:obj:23053300" />
-        </rpminfo_test>
         <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:23055000" version="1" check="all" comment="The postfix package is installed">
           <object object_ref="oval:mil.disa.stig.linux:obj:23055000" />
         </rpminfo_test>
@@ -28161,6 +27855,9 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.linux:obj:25794400" />
           <state state_ref="oval:mil.disa.stig.linux:ste:20000003" />
         </systemdunitproperty_test>
+        <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:25795201" version="1" check_existence="at_least_one_exists" check="all" comment="The tftp-server package is iinstalled.">
+          <object object_ref="oval:mil.disa.stig.linux:obj:23053300" />
+        </rpminfo_test>
         <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:25795400" version="1" check_existence="at_least_one_exists" check="all" comment="libreswan package is installed">
           <object object_ref="oval:mil.disa.stig.linux:obj:25795400" />
         </rpminfo_test>
@@ -28212,7 +27909,7 @@ Privileged functions include, for example, establishing accounts, performing sys
         <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:25817500" version="1" check_existence="at_least_one_exists" check="all" comment="audispd-plugins package is installed">
           <object object_ref="oval:mil.disa.stig.linux:obj:25817500" />
         </rpminfo_test>
-        <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:25823400" version="1" check_existence="at_least_one_exists" check="all" comment="libreswan package is installed">
+        <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:25823400" version="2" check_existence="at_least_one_exists" check="all" comment="crypto-policies package is installed">
           <object object_ref="oval:mil.disa.stig.linux:obj:25823400" />
         </rpminfo_test>
         <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:25824200" version="1" check_existence="at_least_one_exists" check="all" comment="BIND installed">
@@ -28278,22 +27975,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.unix:obj:23026600" />
           <state state_ref="oval:mil.disa.stig.unix:ste:20000010" />
         </sysctl_test>
-        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:23026700" version="1" check_existence="all_exist" check="all" comment="fs.protected_symlinks setting in kernel is set to 1">
-          <object object_ref="oval:mil.disa.stig.unix:obj:23026700" />
-          <state state_ref="oval:mil.disa.stig.unix:ste:20000010" />
-        </sysctl_test>
-        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:23026800" version="1" check_existence="all_exist" check="all" comment="fs.protected_hardlinks setting in kernel is set to 1">
-          <object object_ref="oval:mil.disa.stig.unix:obj:23026800" />
-          <state state_ref="oval:mil.disa.stig.unix:ste:23026800" />
-        </sysctl_test>
-        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:23026900" version="2" check_existence="all_exist" check="all" comment="kernel.dmesg_restrict setting in kernel is set to 1">
-          <object object_ref="oval:mil.disa.stig.unix:obj:23026900" />
-          <state state_ref="oval:mil.disa.stig.unix:ste:20000010" />
-        </sysctl_test>
-        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:23027000" version="1" check_existence="all_exist" check="all" comment="kernel.perf_event_paranoid setting in kernel is set to 2">
-          <object object_ref="oval:mil.disa.stig.unix:obj:23027000" />
-          <state state_ref="oval:mil.disa.stig.unix:ste:20000011" />
-        </sysctl_test>
         <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:23028000" version="2" check_existence="all_exist" check="all" comment="kernel.randomize_va_space setting in kernel is set to 2">
           <object object_ref="oval:mil.disa.stig.unix:obj:23028000" />
           <state state_ref="oval:mil.disa.stig.unix:ste:20000011" />
@@ -28397,10 +28078,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.unix:obj:23053800" />
           <state state_ref="oval:mil.disa.stig.unix:ste:20000009" />
         </sysctl_test>
-        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:23053902" version="1" check_existence="all_exist" check="all" comment="net.ipv6.conf.default.accept_source_route setting in kernel is set to 0">
-          <object object_ref="oval:mil.disa.stig.unix:obj:23053904" />
-          <state state_ref="oval:mil.disa.stig.unix:ste:20000009" />
-        </sysctl_test>
         <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:23054000" version="1" check_existence="all_exist" check="all" comment="net.ipv6.conf.all.forwarding setting in kernel is set to 0">
           <object object_ref="oval:mil.disa.stig.unix:obj:23054000" />
           <state state_ref="oval:mil.disa.stig.unix:ste:20000009" />
@@ -28425,11 +28102,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.unix:obj:23054800" />
           <state state_ref="oval:mil.disa.stig.unix:ste:20000009" />
         </sysctl_test>
-        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:23054900" version="3" check_existence="all_exist" check="all" state_operator="OR" comment="net.ipv4.conf.all.rp_filter setting in kernel is set to 1 or 2">
-          <object object_ref="oval:mil.disa.stig.unix:obj:23054900" />
-          <state state_ref="oval:mil.disa.stig.unix:ste:20000010" />
-          <state state_ref="oval:mil.disa.stig.unix:ste:20000011" />
-        </sysctl_test>
         <interface_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:23055400" version="1" check_existence="any_exist" check="all" comment="no network interfaces are in promiscuous mode">
           <object object_ref="oval:mil.disa.stig.unix:obj:23055400" />
           <state state_ref="oval:mil.disa.stig.unix:ste:23055400" />
@@ -28454,6 +28126,26 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.unix:obj:24455400" />
           <state state_ref="oval:mil.disa.stig.unix:ste:20000011" />
         </sysctl_test>
+        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:24857700" version="1" check_existence="all_exist" check="all" comment="fs.protected_symlinks setting in kernel is set to 1">
+          <object object_ref="oval:mil.disa.stig.unix:obj:24857700" />
+          <state state_ref="oval:mil.disa.stig.unix:ste:20000010" />
+        </sysctl_test>
+        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:24857800" version="2" check_existence="all_exist" check="all" comment="fs.protected_hardlinks setting in kernel is set to 1">
+          <object object_ref="oval:mil.disa.stig.unix:obj:24857800" />
+          <state state_ref="oval:mil.disa.stig.unix:ste:20000010" />
+        </sysctl_test>
+        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:24857900" version="1" check_existence="all_exist" check="all" comment="kernel.dmesg_restrict setting in kernel is set to 1">
+          <object object_ref="oval:mil.disa.stig.unix:obj:24857900" />
+          <state state_ref="oval:mil.disa.stig.unix:ste:20000010" />
+        </sysctl_test>
+        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:24858000" version="1" check_existence="all_exist" check="all" comment="kernel.perf_event_paranoid setting in kernel is set to 2">
+          <object object_ref="oval:mil.disa.stig.unix:obj:24858000" />
+          <state state_ref="oval:mil.disa.stig.unix:ste:20000011" />
+        </sysctl_test>
+        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:24888202" version="1" check_existence="all_exist" check="all" comment="net.ipv6.conf.default.accept_source_route setting in kernel is set to 0">
+          <object object_ref="oval:mil.disa.stig.unix:obj:24888204" />
+          <state state_ref="oval:mil.disa.stig.unix:ste:20000009" />
+        </sysctl_test>
         <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:25170700" version="3" check="all" comment="Library directories have mode 755 or less permissive.">
           <object object_ref="oval:mil.disa.stig.unix:obj:25170800" />
           <state state_ref="oval:mil.disa.stig.unix:ste:20000003" />
@@ -28482,9 +28174,9 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.unix:obj:25779100" />
           <state state_ref="oval:mil.disa.stig.unix:ste:20000005" />
         </file_test>
-        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:25780000" version="1" check="all" comment="kernel.kptr_restrict is set to 1 in kernel">
+        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:25780000" version="2" check="all" comment="kernel.kptr_restrict is set to 1">
           <object object_ref="oval:mil.disa.stig.unix:obj:23054700" />
-          <state state_ref="oval:mil.disa.stig.unix:ste:23054700" />
+          <state state_ref="oval:mil.disa.stig.unix:ste:20000010" />
         </sysctl_test>
         <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:25789000" version="2" check_existence="any_exist" check="all" comment="All local interactive user home directories are 0750 or less">
           <object object_ref="oval:mil.disa.stig.unix:obj:25789001" />
@@ -28733,6 +28425,10 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.unix:obj:20000022" />
           <state state_ref="oval:mil.disa.stig.unix:ste:20000006" />
         </file_test>
+        <sysctl_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:tst:27186800" version="1" check_existence="all_exist" check="all" comment="net.ipv4.conf.all.rp_filter setting in kernel is set to 1">
+          <object object_ref="oval:mil.disa.stig.unix:obj:23054900" />
+          <state state_ref="oval:mil.disa.stig.unix:ste:20000010" />
+        </sysctl_test>
       </tests>
       <objects>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:230345" version="1">
@@ -28820,23 +28516,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^\s*crypt_style\s*=\s*(\S+)\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:20461100" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.default\.rp_filter\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:20461101" version="2">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.default\.rp_filter\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:20461102" version="1" comment="all sysctl configuration files - net.ipv4.conf.default.rp_filter">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:20461100</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:20461101</object_reference>
-          </set>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23023100" version="1" comment="/etc/login.defs:ENCRYPT_METHOD">
           <filepath>/etc/login.defs</filepath>
           <pattern operation="pattern match">^\s*ENCRYPT_METHOD\s+([^#\r\n]*)</pattern>
@@ -28870,11 +28549,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^SELINUX=(.*)\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23024400" version="1">
-          <filepath>/etc/ssh/sshd_config</filepath>
-          <pattern operation="pattern match">^\s*(?i)ClientAliveCountMax(?-i)\s+"?(\d+)"?\s*(?:|(?:#.*))?$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23026400" version="1">
           <path>/etc/yum.repos.d</path>
           <filename operation="pattern match">\.repo$</filename>
@@ -28904,74 +28578,6 @@ Privileged functions include, for example, establishing accounts, performing sys
             <object_reference>oval:mil.disa.stig.ind:obj:23026602</object_reference>
           </set>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23026701" version="1" comment="other sysctl configuration files">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*fs\.protected_symlinks\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23026702" version="1" comment="/etc/sysctl.conf">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*fs\.protected_symlinks\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23026703" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23026701</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23026702</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23026801" version="3" comment="/etc/sysctl.d/99-sysctl.conf">
-          <path var_ref="oval:mil.disa.stig.ind:var:23026800" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*fs\.protected_hardlinks\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23026802" version="2" comment="/etc/sysctl.conf">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*fs\.protected_hardlinks\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23026803" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23026801</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23026802</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23026900" version="3">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*kernel\.dmesg_restrict\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23026901" version="4">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*kernel\.dmesg_restrict\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23026902" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23026900</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23026901</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23027001" version="1" comment="other sysctl configuration files">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*kernel\.perf_event_paranoid\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23027002" version="1" comment="/etc/sysctl.conf">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*kernel\.perf_event_paranoid\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23027003" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23027001</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23027002</object_reference>
-          </set>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23027100" version="1">
           <behaviors ignore_case="true" />
           <filepath>/etc/sudoers</filepath>
@@ -28985,23 +28591,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^(?!#).*\s+NOPASSWD.*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23028000" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*kernel\.randomize_va_space\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23028001" version="4" comment="system sysctl configuration files - kernel.randomize_va_space">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*kernel\.randomize_va_space\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23028002" version="1" comment="all sysctl configuration files - kernel.randomize_va_space">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23028000</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23028001</object_reference>
-          </set>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23028100" version="1">
           <filepath>/etc/dnf/dnf.conf</filepath>
           <pattern operation="pattern match">^[ \t]*clean_requirements_on_remove[ \t]*=[ \t]*(?:True|1|yes)[ \t]*$</pattern>
@@ -29072,9 +28661,9 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^\s*[^#\s]+\s+/boot\s+\S+\s+(\S+)\s+\S+\s+\S+\s*$</pattern>
           <instance datatype="int">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23030101" version="1">
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23030101" version="2">
           <filepath>/etc/fstab</filepath>
-          <pattern operation="pattern match">^\s*/dev\S*\s+/\S+\s+\S+\s+(\S+)\s+\S+\s+\S+\s*$</pattern>
+          <pattern operation="pattern match">^\s*/dev\S*\s+/\S+\s+(?!vfat\s+)\S+\s+(\S+)\s+\S+\s+\S+\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23030600" version="1">
@@ -29087,23 +28676,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^\s*\[?[\.\w:-]+\]?:[/\w-]+\s+[/\w-]+\s+nfs[4]?\s+(.*)$</pattern>
           <instance datatype="int" operation="not equal">0</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23031100" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*kernel\.core_pattern\s*=\s*(.+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23031101" version="4">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*kernel\.core_pattern\s*=\s*(.+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23031102" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23031100</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23031101</object_reference>
-          </set>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23031300" version="1">
           <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
             <object_reference>oval:mil.disa.stig.ind:obj:23031302</object_reference>
@@ -29487,16 +29059,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^\s*FAIL_DELAY\s+(\d+)\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23038100" version="3">
-          <filepath datatype="string">/etc/pam.d/postlogin</filepath>
-          <pattern operation="pattern match">^\s*session\s+.+\s+pam_lastlog\.so\s+(?:\w+\s+)*showfailed\b\s*(?:\w+\b\s*)*\s*(?:#.*)?$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23038101" version="5">
-          <filepath datatype="string">/etc/pam.d/postlogin</filepath>
-          <pattern operation="pattern match">^\s*session\s+.+\s+pam_lastlog\.so\s+(?:\w+\s+)*silent\b\s*(?:\w+\b\s*)*\s*(?:#.*)?$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23038200" version="1">
           <filepath>/etc/ssh/sshd_config</filepath>
           <pattern operation="pattern match">^\s*(?i)PrintLastLog(?-i)[ \t]+([\w\"]+)[\s]*(?:|(?:#.*))?$</pattern>
@@ -30237,255 +29799,34 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23051901" version="1">
           <filepath>/etc/fstab</filepath>
           <pattern operation="pattern match">^\s*[^#\s]+\s+/var/log/audit\s+\S+\s+(\S+)\s+\S+\s+\S+\s*$</pattern>
-          <instance datatype="int">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23052001" version="1">
-          <filepath>/etc/fstab</filepath>
-          <pattern operation="pattern match">^\s*[^#\s]+\s+/var/tmp\s+\S+\s+(\S+)\s+\S+\s+\S+\s*$</pattern>
-          <instance datatype="int">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23052101" version="1">
-          <filepath>/etc/fstab</filepath>
-          <pattern operation="pattern match">^\s*[^#\s]+\s+/var/tmp\s+\S+\s+(\S+)\s+\S+\s+\S+\s*$</pattern>
-          <instance datatype="int">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23052500" version="1">
-          <filepath>/etc/firewalld/firewalld.conf</filepath>
-          <pattern operation="pattern match">^\s*FirewallBackend\s*=\s*(\w+)\s*(?:#.*)?$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23052700" version="3">
-          <behaviors ignore_case="true" />
-          <filepath>/etc/ssh/sshd_config</filepath>
-          <pattern operation="pattern match">^\s*RekeyLimit\s+\d+[kmg]?\s+\d+[smdhw]?\s*</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23052701" version="3">
-          <behaviors ignore_case="true" />
-          <path>/etc/ssh/sshd_config.d</path>
-          <filename operation="pattern match">^.+\.conf$</filename>
-          <pattern operation="pattern match">^\s*RekeyLimit\s+\d+[kmg]?\s+\d+[smdhw]?\s*</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053500" version="1" comment="Setting for net.ipv6.conf.default.accept_redirects in sysctl.d directories.">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">^\s*net.ipv6.conf.default.accept_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053501" version="1" comment="Setting for net.ipv6.conf.default.accept_redirects in /etc/sysctl.conf.">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net.ipv6.conf.default.accept_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053502" version="1" comment="Setting for net.ipv6.conf.default.accept_redirects in all sysctl configuration files.">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <object_reference>oval:mil.disa.stig.ind:obj:23053500</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23053501</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053600" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.all\.send_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053601" version="3">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.all\.send_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053602" version="1" comment="all sysctl configuration files - net.ipv4.conf.all.send_redirects ">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23053600</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23053601</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053700" version="1" comment="Setting for net.ipv4.icmp_echo_ignore_broadcasts in sysctl.d directories.">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv4\.icmp_echo_ignore_broadcasts\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053701" version="1" comment="Setting for net.ipv4.icmp_echo_ignore_broadcasts in /etc/sysctl.conf.">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv4\.icmp_echo_ignore_broadcasts\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053702" version="1" comment="Setting for net.ipv4.icmp_echo_ignore_broadcasts in all sysctl configuration files.">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <object_reference>oval:mil.disa.stig.ind:obj:23053700</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23053701</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053801" version="2" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23053802</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23053803</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053802" version="1" comment="other sysctl configuration files">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net.ipv6.conf.all.accept_source_route\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053803" version="1" comment="/etc/sysctl.conf">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net.ipv6.conf.all.accept_source_route\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053902" version="2" comment="/etc/sysctl.conf">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net\.ipv6\.conf\.default\.accept_source_route\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053903" version="2" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23053902</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23053905</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23053905" version="3" comment="Check the sysctl configuration files for net.ipv6.conf.default.accept_source_route">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net\.ipv6\.conf\.default\.accept_source_route\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054000" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv6\.conf\.all\.forwarding\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054001" version="2">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv6\.conf\.all\.forwarding\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054002" version="1" comment="all sysctl configuration files - net.ipv6.conf.all.forwarding ">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23054000</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23054001</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054301" version="3">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="only one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.default\.send_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054302" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.default\.send_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054303" version="2">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23054301</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23054302</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054401" version="1" comment="Search other sysctl configuration files for net.ipv6.conf.all.accept_redirects">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf</filename>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net\.ipv6\.conf\.all\.accept_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054402" version="1" comment="/etc/sysctl.conf">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net\.ipv6\.conf\.all\.accept_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054403" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23054401</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23054402</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054501" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23054502</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23054503</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054502" version="1">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*kernel\.unprivileged_bpf_disabled\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054503" version="1">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*kernel\.unprivileged_bpf_disabled\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054601" version="11">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*kernel\.yama\.ptrace_scope\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054602" version="1" comment="other sysctl configuration files">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*kernel\.yama\.ptrace_scope\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054603" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23054601</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23054602</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054701" version="7">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="only one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">^\s*kernel\.kptr_restrict\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054702" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*kernel\.kptr_restrict\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
+          <instance datatype="int">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054703" version="2">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23054701</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23054702</object_reference>
-          </set>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23052001" version="1">
+          <filepath>/etc/fstab</filepath>
+          <pattern operation="pattern match">^\s*[^#\s]+\s+/var/tmp\s+\S+\s+(\S+)\s+\S+\s+\S+\s*$</pattern>
+          <instance datatype="int">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054801" version="1">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="only one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">^\s*user\.max_user_namespaces\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23052101" version="1">
+          <filepath>/etc/fstab</filepath>
+          <pattern operation="pattern match">^\s*[^#\s]+\s+/var/tmp\s+\S+\s+(\S+)\s+\S+\s+\S+\s*$</pattern>
+          <instance datatype="int">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054802" version="1">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*user\.max_user_namespaces\s*=\s*(\d+)\s*$</pattern>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23052500" version="1">
+          <filepath>/etc/firewalld/firewalld.conf</filepath>
+          <pattern operation="pattern match">^\s*FirewallBackend\s*=\s*(\w+)\s*(?:#.*)?$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054803" version="1">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23054801</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23054802</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054900" version="3" comment="system sysctl configuration files - net.ipv4.conf.all.rp_filter">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23054901</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23054902</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054901" version="4">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.all\.rp_filter\s*=\s*(\d+)\s*$</pattern>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23052700" version="3">
+          <behaviors ignore_case="true" />
+          <filepath>/etc/ssh/sshd_config</filepath>
+          <pattern operation="pattern match">^\s*RekeyLimit\s+\d+[kmg]?\s+\d+[smdhw]?\s*</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23054902" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.all\.rp_filter\s*=\s*(\d+)\s*$</pattern>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23052701" version="3">
+          <behaviors ignore_case="true" />
+          <path>/etc/ssh/sshd_config.d</path>
+          <filename operation="pattern match">^.+\.conf$</filename>
+          <pattern operation="pattern match">^\s*RekeyLimit\s+\d+[kmg]?\s+\d+[smdhw]?\s*</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23055001" version="1">
@@ -30621,23 +29962,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^\s*-a\s+(always,exit|exit,always)(?:\s+-S\s+all)?\s+-F\s+path=/usr/bin/sudoedit\s+(-F\s+perm=([rwa]*x[rwa]*)\s+)?-F\s+auid&gt;=1000\s+-F\s+auid!=(4294967295|-1|unset)(\s+(-k\s+|-F\s+key=)\S+)?\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23833301" version="1">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:23833302</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:23833303</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23833302" version="1">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net\.ipv4\.tcp_syncookies\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:23833303" version="2">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net\.ipv4\.tcp_syncookies\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24451900" version="1">
           <path datatype="string">/etc/dconf/db/local.d</path>
           <filename datatype="string" operation="pattern match">.*</filename>
@@ -30694,62 +30018,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">(?i)^\s*space_left_action\s*=\s*(\w+)\s*(?:#.*)?$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24455001" version="1" comment="other sysctl configuration files">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*net\.ipv4\.conf\.default\.accept_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24455002" version="1" comment="/etc/sysctl.conf">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*net\.ipv4\.conf\.default\.accept_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24455003" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:24455001</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:24455002</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24455201" version="1" comment="other sysctl configuration files">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*net\.ipv4\.conf\.default\.accept_source_route\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24455202" version="1" comment="/etc/sysctl.conf">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net\.ipv4\.conf\.default\.accept_source_route\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24455203" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:24455201</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:24455202</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24455301" version="1" comment="Setting for net.ipv4.conf.all.accept_redirects in /etc/sysctl.conf.">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.all\.accept_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24455401" version="1">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:24455402</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:24455403</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24455402" version="1">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="only one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.core\.bpf_jit_harden\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24455403" version="1">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.core\.bpf_jit_harden\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24877400" version="1" comment="Audit 32-bit invocations of rmdir">
           <filepath>/etc/audit/audit.rules</filepath>
           <pattern operation="pattern match">^\s*-a\s+(always,exit|exit,always)\s+-F\s+arch=b32\s+(?:.*(-S\s+rmdir\s+|(\s+|,)rmdir(\s+|,))).*-F\s+auid&gt;=1000\s+-F\s+auid!=(4294967295|-1|unset)(\s+(-k\s+|-F\s+key=)[-\w]+)*\s*$</pattern>
@@ -30760,6 +30028,11 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^\s*-a\s+(always,exit|exit,always)\s+-F\s+arch=b64\s+(?:.*(-S\s+rmdir\s+|(\s+|,)rmdir(\s+|,))).*-F\s+auid&gt;=1000\s+-F\s+auid!=(4294967295|-1|unset)(\s+(-k\s+|-F\s+key=)[-\w]+)*\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:24890200" version="1">
+          <filepath>/usr/lib/systemd/system/tftp.service</filepath>
+          <pattern operation="pattern match">^ExecStart[ \t]*=[ \t]*\/usr\/sbin\/in\.tftpd[ \t]*-s[ \t]+/\S+[ \t]*$</pattern>
+          <instance datatype="int" operation="greater than or equal">1</instance>
+        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25170600" version="1">
           <filepath>/etc/shadow</filepath>
           <pattern operation="pattern match">^[^:]+::[^:]*:[^:]*:</pattern>
@@ -30771,11 +30044,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^\s*password\s+(?:required|requisite)\s+(.*)$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25171400" version="1" comment="in /etc/pam.d/system-auth check for pam_pwquality.so retry equals value">
-          <filepath>/etc/pam.d/system-auth</filepath>
-          <pattern operation="pattern match">^[ \t]*password[ \t]+(?:(?:required)|(?:requisite))[ \t]+pam_pwquality\.so(?:[ \t]+|(?:[ \t][^#\r\f\n]+[ \t]+))retry=([0-9]+)(?:\s|$)</pattern>
-          <instance datatype="int">1</instance>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25299700" version="2" comment="32-bit rename command">
           <filepath>/etc/audit/audit.rules</filepath>
           <pattern operation="pattern match">^\s*-a\s+(always,exit|exit,always)\s+-F\s+arch=b32\s+(?:.*(-S\s+rename\s+|(\s+|,)rename(\s+|,))).*-F\s+auid&gt;=1000\s+-F\s+auid!=(4294967295|-1|unset)(\s+(-k\s+|-F\s+key=)[-\w]+)*\s*$</pattern>
@@ -30916,23 +30184,11 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match" var_ref="oval:mil.disa.stig.defs:var:25303803" />
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25312001" version="1" comment="other sysctl configuration files">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*net\.ipv6\.conf\.default\.accept_ra\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25312002" version="1" comment="/etc/sysctl.conf">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*net\.ipv6\.conf\.default\.accept_ra\s*=\s*(\d+)\s*$</pattern>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25725800" version="3">
+          <filepath>/etc/systemd/logind.conf</filepath>
+          <pattern operation="pattern match">^\s*StopIdleSessionSec\s*=\s*(-?\d*)\s*(?:#.*)?$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25312003" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:25312001</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:25312002</object_reference>
-          </set>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25777700" version="4">
           <path>/etc</path>
           <filename>redhat-release</filename>
@@ -31015,120 +30271,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^\[main\]((?:\r?\n(?:[^[\r\n].*)?)*)</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25795800" version="1">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <object_reference>oval:mil.disa.stig.ind:obj:24455301</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:25795801</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25795801" version="2">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.all\.accept_redirects\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25795900" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.all\.accept_source_route\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25795901" version="2" comment="system sysctl configuration files - net.ipv4.conf.all.accept_source_route">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.all\.accept_source_route\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25795902" version="1" comment="all sysctl configuration files - net.ipv4.conf.all.accept_source_route">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:25795900</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:25795901</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25796001" version="1">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:25796002</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:25796003</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25796002" version="1">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net\.ipv4\.conf\.all\.log_martians\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25796003" version="2">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net\.ipv4\.conf\.all\.log_martians\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25796100" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.default\.log_martians\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25796101" version="2">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv4\.conf\.default\.log_martians\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25796102" version="1" comment="all sysctl configuration files - net.ipv4.conf.default.log_martians">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:25796100</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:25796101</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25796700" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv4\.icmp_ignore_bogus_error_responses\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25796701" version="2">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv4\.icmp_ignore_bogus_error_responses\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25796702" version="1" comment="all sysctl configuration files - net.ipv4.icmp_ignore_bogus_error_responses">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:25796700</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:25796701</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25797001" version="1" comment="other sysctl configuration files">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">\.conf$</filename>
-          <pattern operation="pattern match">(?:^|\.*\n)\s*net\.ipv4\.conf\.all\.forwarding\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25797002" version="1" comment="/etc/sysctl.conf">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">(?:^|.*\n)\s*net\.ipv4\.conf\.all\.forwarding\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25797003" version="1" comment="all sysctl configuration files">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:25797001</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:25797002</object_reference>
-          </set>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25797100" version="2">
-          <filepath>/etc/sysctl.conf</filepath>
-          <pattern operation="pattern match">^\s*net\.ipv6\.conf\.all\.accept_ra\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25797101" version="2">
-          <path var_ref="oval:mil.disa.stig.defs:var:20000005" var_check="at least one" />
-          <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^\s*net\.ipv6\.conf\.all\.accept_ra\s*=\s*(\d+)\s*$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25797102" version="1" comment="all sysctl configuration files - net.ipv4.conf.all.send_redirects ">
-          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
-            <object_reference>oval:mil.disa.stig.ind:obj:25797100</object_reference>
-            <object_reference>oval:mil.disa.stig.ind:obj:25797101</object_reference>
-          </set>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25798100" version="1" comment="Pull value of /etc/ssh/sshd_config:banner">
           <filepath>/etc/ssh/sshd_config</filepath>
           <pattern operation="pattern match">^\s*(?i)banner(?-i)[ \t\"]+([\w\/]+)[\"\s]*(?:|(?:#.*))?$</pattern>
@@ -31353,27 +30495,12 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^\s*system-db\s*:\s*local\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25801701" version="1" comment="Check that the automount setting is locked from nonprivileged user modification">
-          <path>/etc/dconf/db/local.d/locks</path>
-          <filename operation="pattern match">^.*$</filename>
-          <pattern datatype="string" operation="pattern match">^\s*\/org\/gnome\/desktop\/media-handling\/autorun-never$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25802000" version="1" comment="/org/gnome/settings-daemon/peripherals/smartcard/removal-action in dconf user database locks directories">
           <path var_ref="oval:mil.disa.stig.defs:var:25802600" var_check="at least one" />
           <filename operation="pattern match">.*</filename>
           <pattern operation="pattern match">^/org/gnome/settings-daemon/peripherals/smartcard/removal-action$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25802300" version="1" comment="dconf org/gnome/desktop/session sections">
-          <path datatype="string" var_ref="oval:mil.disa.stig.defs:var:25802300" var_check="at least one" />
-          <filename datatype="string" operation="pattern match">.*</filename>
-          <pattern operation="pattern match">^\[org/gnome/desktop/session](?:\r?\n(?:[^[\r\n].*)?)*</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
-        <variable_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25802301" version="1" comment="idle-delay value">
-          <var_ref>oval:mil.disa.stig.defs:var:25802301</var_ref>
-        </variable_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25802600" version="2" comment="dconf user databases">
           <filepath>/etc/dconf/profile/user</filepath>
           <pattern operation="pattern match">^system-db:(\S+)\s*$</pattern>
@@ -31458,11 +30585,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^(?i)\s*umask\s+([^#\s]+)</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
-        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25807700" version="3">
-          <filepath>/etc/systemd/logind.conf</filepath>
-          <pattern operation="pattern match">^\s*StopIdleSessionSec\s*=\s*(-?\d*)\s*(?:#.*)?$</pattern>
-          <instance datatype="int" operation="greater than or equal">1</instance>
-        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25808600" version="4">
           <behaviors ignore_case="true" />
           <filepath>/etc/sudoers</filepath>
@@ -31494,6 +30616,24 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^\s*auth\s+(?:required|requisite)\s+pam_wheel\.so(?:\s|$)</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25809100" version="1">
+          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
+            <object_reference>oval:mil.disa.stig.ind:obj:25809101</object_reference>
+            <object_reference>oval:mil.disa.stig.ind:obj:25809102</object_reference>
+          </set>
+        </textfilecontent54_object>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25809101" version="2" comment="in /etc/security/pwquality.conf check for pam_pwquality.so retry equals value">
+          <filepath>/etc/security/pwquality.conf</filepath>
+          <pattern operation="pattern match">^\s*retry\s*=\s*(-?\d*)\s*(?:#.*)?$</pattern>
+          <instance datatype="int">1</instance>
+        </textfilecontent54_object>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25809102" version="2" comment="in /etc/security/pwquality.conf check for pam_pwquality.so retry equals value">
+          <behaviors recurse_direction="down" />
+          <path>/etc/security/pwquality.conf.d</path>
+          <filename operation="pattern match">\.conf$</filename>
+          <pattern operation="pattern match">^\s*retry\s*=\s*(-?\d*)\s*(?:#.*)?$</pattern>
+          <instance datatype="int">1</instance>
+        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25809900" version="1">
           <filepath>/etc/pam.d/password-auth</filepath>
           <pattern operation="pattern match">^\s*password\s+sufficient\s+pam_unix\.so\s+[^#\n]*\brounds=(\d+)\b</pattern>
@@ -31618,35 +30758,35 @@ Privileged functions include, for example, establishing accounts, performing sys
         </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25814403" version="1">
           <filepath>/etc/rsyslog.conf</filepath>
-          <pattern operation="pattern match">^[ \t]*(?:(?:\w+,)*auth(?:,\w+)*\.\*|\S+;auth\.\*|auth\.\*;\S+|\S+;auth\.\*;\S+)[ \t]+(?:(?!action\()\S+|action\([^)]*file\s*=\s*["'][^"']+["'][^)]*\))\s*$</pattern>
+          <pattern operation="pattern match">^[ \t]*(?:\S+;auth\.\*|auth\.\*;\S+|auth\.\*|\S+;auth\.\*;\S+)[ \t]+\S+\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25814404" version="1">
           <filepath>/etc/rsyslog.conf</filepath>
-          <pattern operation="pattern match">^[ \t]*(?:(?:\w+,)*authpriv(?:,\w+)*\.\*|\S+;authpriv\.\*|authpriv\.\*;\S+|\S+;authpriv\.\*;\S+)[ \t]+(?:(?!action\()\S+|action\([^)]*file\s*=\s*["'][^"']+["'][^)]*\))\s*$</pattern>
+          <pattern operation="pattern match">^[ \t]*(?:\S+;authpriv\.\*|authpriv\.\*;\S+|authpriv\.\*|\S+;authpriv\.\*;\S+)[ \t]+\S+\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25814405" version="1">
           <filepath>/etc/rsyslog.conf</filepath>
-          <pattern operation="pattern match">^[ \t]*(?:(?:\w+,)*daemon(?:,\w+)*\.\*|\S+;daemon\.\*|daemon\.\*;\S+|\S+;daemon\.\*;\S+)[ \t]+(?:(?!action\()\S+|action\([^)]*file\s*=\s*["'][^"']+["'][^)]*\))\s*$</pattern>
+          <pattern operation="pattern match">^[ \t]*(?:\S+;daemon\.\*|daemon\.\*;\S+|daemon\.\*|\S+;daemon\.\*;\S+)[ \t]+\S+\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25814406" version="1">
           <path>/etc/rsyslog.d</path>
           <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^[ \t]*(?:(?:\w+,)*auth(?:,\w+)*\.\*|\S+;auth\.\*|auth\.\*;\S+|\S+;auth\.\*;\S+)[ \t]+(?:(?!action\()\S+|action\([^)]*file\s*=\s*["'][^"']+["'][^)]*\))\s*$</pattern>
+          <pattern operation="pattern match">^[ \t]*(?:\S+;auth\.\*|auth\.\*;\S+|auth\.\*|\S+;auth\.\*;\S+)[ \t]+\S+\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25814407" version="1">
           <path>/etc/rsyslog.d</path>
           <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^[ \t]*(?:(?:\w+,)*authpriv(?:,\w+)*\.\*|\S+;authpriv\.\*|authpriv\.\*;\S+|\S+;authpriv\.\*;\S+)[ \t]+(?:(?!action\()\S+|action\([^)]*file\s*=\s*["'][^"']+["'][^)]*\))\s*$</pattern>
+          <pattern operation="pattern match">^[ \t]*(?:\S+;authpriv\.\*|authpriv\.\*;\S+|authpriv\.\*|\S+;authpriv\.\*;\S+)[ \t]+\S+\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25814408" version="1">
           <path>/etc/rsyslog.d</path>
           <filename operation="pattern match">^.*\.conf$</filename>
-          <pattern operation="pattern match">^[ \t]*(?:(?:\w+,)*daemon(?:,\w+)*\.\*|\S+;daemon\.\*|daemon\.\*;\S+|\S+;daemon\.\*;\S+)[ \t]+(?:(?!action\()\S+|action\([^)]*file\s*=\s*["'][^"']+["'][^)]*\))\s*$</pattern>
+          <pattern operation="pattern match">^[ \t]*(?:\S+;daemon\.\*|daemon\.\*;\S+|daemon\.\*|\S+;daemon\.\*;\S+)[ \t]+\S+\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25814600" version="1" comment="ActionSendStreamDriverAuthMode">
@@ -31779,6 +30919,16 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">^[ \t]*-f[ \t]+2\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25823000" version="1" comment="/proc/sys/crypto/fips_enabled">
+          <filepath datatype="string">/proc/sys/crypto/fips_enabled</filepath>
+          <pattern operation="pattern match">^(\d+)$</pattern>
+          <instance datatype="int" operation="greater than or equal">1</instance>
+        </textfilecontent54_object>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25823001" version="1">
+          <filepath datatype="string">/etc/crypto-policies/config</filepath>
+          <pattern datatype="string" operation="pattern match">^FIPS$</pattern>
+          <instance datatype="int" operation="equals">1</instance>
+        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:25823200" version="1" comment="/etc/ipsec.conf includes">
           <filepath>/etc/ipsec.conf</filepath>
           <pattern operation="pattern match">^\s*include\s+(.*)\s*$</pattern>
@@ -31816,6 +30966,23 @@ Privileged functions include, for example, establishing accounts, performing sys
           <pattern operation="pattern match">(.*\S.*)\s*$</pattern>
           <instance datatype="int" operation="greater than or equal">1</instance>
         </textfilecontent54_object>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:27170900" version="1">
+          <filepath>/etc/ssh/sshd_config</filepath>
+          <pattern operation="pattern match">^\s*(?i)ClientAliveCountMax(?-i)\s+"?(\d+)"?\s*(?:|(?:#.*))?$</pattern>
+          <instance datatype="int" operation="greater than or equal">1</instance>
+        </textfilecontent54_object>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:27170901" version="1">
+          <path>/etc/ssh/sshd_config.d</path>
+          <filename operation="pattern match">.+</filename>
+          <pattern operation="pattern match">^\s*(?i)ClientAliveCountMax(?-i)\s+"?(\d+)"?\s*(?:|(?:#.*))?$</pattern>
+          <instance datatype="int" operation="greater than or equal">1</instance>
+        </textfilecontent54_object>
+        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:27170902" version="2" comment="all sshd_config and sshd_config.d/* files">
+          <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
+            <object_reference>oval:mil.disa.stig.ind:obj:27170900</object_reference>
+            <object_reference>oval:mil.disa.stig.ind:obj:27170901</object_reference>
+          </set>
+        </textfilecontent54_object>
         <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:obj:27172000" version="1">
           <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
             <object_reference>oval:mil.disa.stig.ind:obj:27172001</object_reference>
@@ -31892,8 +31059,9 @@ Privileged functions include, for example, establishing accounts, performing sys
         <partition_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:obj:23030000" version="1">
           <mount_point>/boot</mount_point>
         </partition_object>
-        <partition_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:obj:23030100" version="1">
+        <partition_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:obj:23030100" version="2">
           <mount_point operation="pattern match">^/\S+$</mount_point>
+          <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="exclude">oval:mil.disa.stig.linux:ste:23030103</filter>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.linux:ste:23030102</filter>
         </partition_object>
         <systemdunitproperty_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:obj:23031000" version="1">
@@ -32195,35 +31363,23 @@ Privileged functions include, for example, establishing accounts, performing sys
             <filter>oval:mil.disa.stig.unix:ste:23025800</filter>
           </set>
         </file_object>
-        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23026100" version="4">
-          <behaviors recurse="directories" recurse_direction="down" />
+        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23026100" version="5">
+          <behaviors recurse_direction="down" />
           <path var_ref="oval:mil.disa.stig.defs:var:20000018" var_check="only one" />
-          <filename operation="pattern match">\.so(\.\d+)*$</filename>
+          <filename operation="pattern match">\.so(\S+)*$</filename>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:20000015</filter>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">oval:mil.disa.stig.unix:ste:20000005</filter>
         </file_object>
-        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23026200" version="2">
+        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23026200" version="3">
           <behaviors recurse_direction="down" />
           <path var_ref="oval:mil.disa.stig.defs:var:20000018" var_check="only one" />
-          <filename operation="pattern match">\.so(\.\d+)*$</filename>
+          <filename operation="pattern match">(\.so\S*)$</filename>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:20000015</filter>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">oval:mil.disa.stig.unix:ste:20000006</filter>
         </file_object>
         <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23026600" version="1">
           <name>kernel.kexec_load_disabled</name>
         </sysctl_object>
-        <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23026700" version="1">
-          <name>fs.protected_symlinks</name>
-        </sysctl_object>
-        <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23026800" version="1">
-          <name>fs.protected_hardlinks</name>
-        </sysctl_object>
-        <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23026900" version="1">
-          <name>kernel.dmesg_restrict</name>
-        </sysctl_object>
-        <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23027000" version="1">
-          <name>kernel.perf_event_paranoid</name>
-        </sysctl_object>
         <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23028000" version="1">
           <name>kernel.randomize_va_space</name>
         </sysctl_object>
@@ -32334,9 +31490,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23053800" version="1">
           <name>net.ipv6.conf.all.accept_source_route</name>
         </sysctl_object>
-        <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23053904" version="1">
-          <name>net.ipv6.conf.default.accept_source_route</name>
-        </sysctl_object>
         <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:23054000" version="1">
           <name>net.ipv6.conf.all.forwarding</name>
         </sysctl_object>
@@ -32383,6 +31536,21 @@ Privileged functions include, for example, establishing accounts, performing sys
         <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:24455400" version="1">
           <name>net.core.bpf_jit_harden</name>
         </sysctl_object>
+        <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:24857700" version="1">
+          <name>fs.protected_symlinks</name>
+        </sysctl_object>
+        <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:24857800" version="1">
+          <name>fs.protected_hardlinks</name>
+        </sysctl_object>
+        <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:24857900" version="1">
+          <name>kernel.dmesg_restrict</name>
+        </sysctl_object>
+        <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:24858000" version="1">
+          <name>kernel.perf_event_paranoid</name>
+        </sysctl_object>
+        <sysctl_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:24888204" version="1">
+          <name>net.ipv6.conf.default.accept_source_route</name>
+        </sysctl_object>
         <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:25170800" version="3" comment="All system-wide library directories">
           <behaviors recurse_direction="down" />
           <path var_ref="oval:mil.disa.stig.defs:var:20000018" var_check="only one" />
@@ -32515,12 +31683,6 @@ Privileged functions include, for example, establishing accounts, performing sys
           <path>/etc/ssh/sshd_config.d</path>
           <filename operation="pattern match">.*</filename>
         </file_object>
-        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:25802300" version="1" comment="dconf database directories">
-          <behaviors max_depth="1" recurse_direction="down" />
-          <path>/etc/dconf/db</path>
-          <filename xsi:nil="true" />
-          <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:25802300</filter>
-        </file_object>
         <password_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:25804500" version="1" comment="Interactive Users">
           <username operation="pattern match">.*</username>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:25804500</filter>
@@ -32574,38 +31736,38 @@ Privileged functions include, for example, establishing accounts, performing sys
         <symlink_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:25823611" version="1" comment="openssl">
           <filepath>/etc/crypto-policies/back-ends/openssl.config</filepath>
         </symlink_object>
-        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:26048700" version="2">
+        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:26048700" version="3">
           <behaviors recurse_direction="down" />
           <path var_ref="oval:mil.disa.stig.defs:var:20000018" var_check="only one" />
-          <filename operation="pattern match">\.so</filename>
+          <filename operation="pattern match">\.so\S*$</filename>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:20000015</filter>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:26048700</filter>
         </file_object>
-        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:26048701" version="2">
+        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:26048701" version="3">
           <behaviors recurse_direction="down" />
           <path var_ref="oval:mil.disa.stig.defs:var:20000018" var_check="only one" />
-          <filename operation="pattern match">\.so</filename>
+          <filename operation="pattern match">\.so\S*$</filename>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:20000015</filter>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:26048701</filter>
         </file_object>
-        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:26048702" version="2">
+        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:26048702" version="3">
           <behaviors recurse_direction="down" />
           <path var_ref="oval:mil.disa.stig.defs:var:20000018" var_check="only one" />
-          <filename operation="pattern match">\.so</filename>
+          <filename operation="pattern match">\.so\S*$</filename>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:20000015</filter>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:26048702</filter>
         </file_object>
-        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:26048703" version="2">
+        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:26048703" version="3">
           <behaviors recurse_direction="down" />
           <path var_ref="oval:mil.disa.stig.defs:var:20000018" var_check="only one" />
-          <filename operation="pattern match">\.so</filename>
+          <filename operation="pattern match">\.so\S*$</filename>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:20000015</filter>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:26048703</filter>
         </file_object>
-        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:26048704" version="2">
+        <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:26048704" version="3">
           <behaviors recurse_direction="down" />
           <path var_ref="oval:mil.disa.stig.defs:var:20000018" var_check="only one" />
-          <filename operation="pattern match">\.so</filename>
+          <filename operation="pattern match">\.so\S*$</filename>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:20000015</filter>
           <filter xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" action="include">oval:mil.disa.stig.unix:ste:26048704</filter>
         </file_object>
@@ -32632,18 +31794,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:20000003" version="1">
           <subexpression datatype="int" operation="equals">1</subexpression>
         </textfilecontent54_state>
-        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:20000004" version="1">
-          <subexpression datatype="int" operation="equals">2</subexpression>
-        </textfilecontent54_state>
-        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:20000006" version="1">
-          <subexpression datatype="int" operation="equals">4</subexpression>
-        </textfilecontent54_state>
-        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:20000007" version="1">
-          <subexpression datatype="int" operation="equals">5</subexpression>
-        </textfilecontent54_state>
-        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:20000008" version="1">
-          <subexpression datatype="int" operation="equals">6</subexpression>
-        </textfilecontent54_state>
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:20000009" version="1">
           <subexpression datatype="int" operation="equals">7</subexpression>
         </textfilecontent54_state>
@@ -32725,9 +31875,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:23026401" version="1">
           <text datatype="string" operation="pattern match">\n\s*gpgcheck\s*=\s*(False|0|no)\s*(\n|$)</text>
         </textfilecontent54_state>
-        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:23026801" version="1">
-          <subexpression datatype="int" operation="equals">1</subexpression>
-        </textfilecontent54_state>
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:23027800" version="1">
           <subexpression operation="pattern match">(^|\s)vsyscall=none(\s|$)</subexpression>
         </textfilecontent54_state>
@@ -32746,9 +31893,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:23030800" version="1">
           <subexpression operation="pattern match">(^|,)nosuid(,|$)</subexpression>
         </textfilecontent54_state>
-        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:23031100" version="1">
-          <subexpression datatype="string" operation="equals">|/bin/false</subexpression>
-        </textfilecontent54_state>
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:23031300" version="1">
           <subexpression datatype="int">0</subexpression>
         </textfilecontent54_state>
@@ -32902,9 +32046,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:23052700" version="1">
           <text datatype="string" operation="pattern match">^(?i)\s*RekeyLimit\s+[1-9][0-9]*[kmg]?\s+([1-9][0-9]*[smhdw]?)+\s*$</text>
         </textfilecontent54_state>
-        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:23054701" version="2">
-          <subexpression datatype="int">1</subexpression>
-        </textfilecontent54_state>
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:23481500" version="1" comment="LogLevel value is set to VERBOSE">
           <subexpression datatype="string" operation="pattern match">^VERBOSE$|^"VERBOSE"$</subexpression>
         </textfilecontent54_state>
@@ -32923,6 +32064,9 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25294300" version="1">
           <subexpression datatype="string" operation="pattern match">^(delayed|"delayed")$</subexpression>
         </textfilecontent54_state>
+        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25725800" version="2">
+          <subexpression datatype="int">600</subexpression>
+        </textfilecontent54_state>
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25778700" version="1" comment="GRUB superuser name">
           <subexpression datatype="string" operation="pattern match">^\S+$</subexpression>
         </textfilecontent54_state>
@@ -32977,15 +32121,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25799601" version="1">
           <subexpression datatype="int" operation="greater than">0</subexpression>
         </textfilecontent54_state>
-        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25802300" version="1">
-          <text datatype="string" operation="pattern match">\nidle-delay=uint32 \d+\s*(\n|$)</text>
-        </textfilecontent54_state>
-        <variable_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25802301" version="1">
-          <value datatype="int">0</value>
-        </variable_state>
-        <variable_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25802302" version="1">
-          <value datatype="int" operation="greater than">900</value>
-        </variable_state>
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25802900" version="3">
           <text datatype="string" operation="pattern match">\ndisable-restart-buttons=(true|'true')\s*(\n|$)</text>
         </textfilecontent54_state>
@@ -32998,9 +32133,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <variable_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25806100" version="1" comment="count of unique GIDs">
           <value datatype="int" var_ref="oval:mil.disa.stig.defs:var:25806101" />
         </variable_state>
-        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25807700" version="1">
-          <subexpression datatype="int">900</subexpression>
-        </textfilecontent54_state>
         <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.ind:ste:25810000" version="2">
           <subexpression datatype="int" operation="greater than or equal">100000</subexpression>
         </textfilecontent54_state>
@@ -33100,6 +32232,9 @@ Privileged functions include, for example, establishing accounts, performing sys
         <partition_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:ste:23030102" version="1">
           <device operation="pattern match">^/dev\S*$</device>
         </partition_state>
+        <partition_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:ste:23030103" version="1">
+          <fs_type>vfat</fs_type>
+        </partition_state>
         <partition_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:ste:23050900" version="1">
           <mount_options entity_check="at least one">nosuid</mount_options>
         </partition_state>
@@ -33228,9 +32363,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:ste:23025900" version="1">
           <group_id datatype="int" operation="less than">1000</group_id>
         </file_state>
-        <sysctl_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:ste:23026800" version="1">
-          <value datatype="int" operation="equals">1</value>
-        </sysctl_state>
         <sysctl_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:ste:23031100" version="1">
           <value datatype="string" operation="equals">|/bin/false</value>
         </sysctl_state>
@@ -33264,9 +32396,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <password_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:ste:23053400" version="1">
           <user_id datatype="int" operation="not equal">0</user_id>
         </password_state>
-        <sysctl_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:ste:23054700" version="2">
-          <value datatype="int">1</value>
-        </sysctl_state>
         <interface_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:ste:23055400" version="1" comment="Interface is not in PROMISC mode">
           <flag entity_check="none satisfy" operation="pattern match">(^|\s)PROMISC(\s|$)</flag>
         </interface_state>
@@ -33285,9 +32414,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <password_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:ste:25789003" version="1" comment="uid = 65534 (nobody)">
           <user_id datatype="int">65534</user_id>
         </password_state>
-        <file_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:ste:25802300" version="1" comment="dconf database directories">
-          <path operation="pattern match">^/etc/dconf/db/.*\.d$</path>
-        </file_state>
         <password_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:ste:25804500" version="1" comment="Interactive Users">
           <user_id datatype="int" operation="greater than or equal">1000</user_id>
         </password_state>
@@ -33572,14 +32698,6 @@ Privileged functions include, for example, establishing accounts, performing sys
         <local_variable id="oval:mil.disa.stig.defs:var:25789000" version="1" datatype="string" comment="home directories of local interactive users without nologin">
           <object_component object_ref="oval:mil.disa.stig.unix:obj:25789000" item_field="home_dir" />
         </local_variable>
-        <local_variable id="oval:mil.disa.stig.defs:var:25802300" version="1" datatype="string" comment="dconf database directories">
-          <object_component object_ref="oval:mil.disa.stig.unix:obj:25802300" item_field="path" />
-        </local_variable>
-        <local_variable id="oval:mil.disa.stig.defs:var:25802301" version="1" datatype="int" comment="idle-delay value">
-          <regex_capture pattern="\nidle-delay=uint32 (\d+)\s*(?:\n|$)">
-            <object_component object_ref="oval:mil.disa.stig.ind:obj:25802300" item_field="text" />
-          </regex_capture>
-        </local_variable>
         <local_variable id="oval:mil.disa.stig.defs:var:25802600" version="2" datatype="string" comment="dconf user database locks directories">
           <concat>
             <literal_component>/etc/dconf/db/</literal_component>
@@ -33614,19 +32732,16 @@ Privileged functions include, for example, establishing accounts, performing sys
             </unique>
           </count>
         </local_variable>
-        <constant_variable id="oval:mil.disa.stig.defs:var:25814300" version="3" datatype="string" comment="Patterns for remote log acceptance config">
-          <value>^\s*\$ModLoad\s+imtcp</value>
-          <value>^\s*\$ModLoad\s+imudp</value>
-          <value>^\s*\$ModLoad\s+imrelp</value>
-          <value>^\s*\$InputTCPServerRun</value>
-          <value>^\s*\$UDPServerRun</value>
-          <value>^\s*\$InputRELPServerRun</value>
-          <value>^\s*module\s*\(.*\bload\s*=\s*"imtcp".*\)</value>
-          <value>^\s*module\s*\(.*\bload\s*=\s*"imudp".*\)</value>
-          <value>^\s*module\s*\(.*\bload\s*=\s*"imrelp".*\)</value>
-          <value>^\s*input\s*\(.*\btype\s*=\s*"imtcp".*\)</value>
-          <value>^\s*input\s*\(.*\btype\s*=\s*"imudp".*\)</value>
-          <value>^\s*input\s*\(.*\btype\s*=\s*"imrelp".*\)</value>
+        <constant_variable id="oval:mil.disa.stig.defs:var:25814300" version="4" datatype="string" comment="Patterns for remote log acceptance config">
+          <value>^[^#]*InputTCPServerRun</value>
+          <value>^[^#]*UDPServerRun</value>
+          <value>^[^#]*RELPServerRun</value>
+          <value>^[^#]*module\s*\(.*\bload\s*=\s*"imtcp".*\)</value>
+          <value>^[^#]*module\s*\(.*\bload\s*=\s*"imudp".*\)</value>
+          <value>^[^#]*module\s*\(.*\bload\s*=\s*"imrelp".*\)</value>
+          <value>^[^#]*input\s*\(.*\btype\b\s*=\s*"imtcp"\s*\bport\b\s*=\s*"514".*\)</value>
+          <value>^[^#]*input\s*\(.*\btype\b\s*=\s*"imudp"\s*\bport\b\s*=\s*"514".*\)</value>
+          <value>^[^#]*input\s*\(.*\btype\b\s*=\s*"imrelp"\s*\bport\b\s*=\s*"514".*\)</value>
         </constant_variable>
         <local_variable id="oval:mil.disa.stig.defs:var:25815500" version="1" datatype="string" comment="audit partition total size in bytes">
           <arithmetic arithmetic_operation="multiply">
@@ -33634,13 +32749,6 @@ Privileged functions include, for example, establishing accounts, performing sys
             <object_component object_ref="oval:mil.disa.stig.linux:obj:23029400" item_field="total_space" />
           </arithmetic>
         </local_variable>
-        <constant_variable id="oval:mil.disa.stig.ind:var:23026800" version="1" datatype="string" comment="other sysctl configuration file locations">
-          <value>/etc/sysctl.d</value>
-          <value>/run/sysctl.d</value>
-          <value>/lib/sysctl.d</value>
-          <value>/usr/lib/sysctl.d</value>
-          <value>/usr/local/lib/sysctl.d</value>
-        </constant_variable>
         <local_variable id="oval:mil.disa.stig.ind:var:23031600" version="1" datatype="int" comment="count of unique name servers">
           <count>
             <unique>
@@ -33671,15 +32779,15 @@ Privileged functions include, for example, establishing accounts, performing sys
       </variables>
     </oval_definitions>
   </component>
-  <component id="scap_mil.disa.stig_comp_U_RHEL_9_V2R6_STIG_SCAP_1-3_Benchmark-cpe-oval.xml" timestamp="2025-09-27T23:04:04.250-04:00">
+  <component id="scap_mil.disa.stig_comp_U_RHEL_9_V2R7_STIG_SCAP_1-3_Benchmark-cpe-oval.xml" timestamp="2026-01-05T14:28:56.958-05:00">
     <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">
       <generator>
-        <oval:product_name>Security Content Tool 1.6.0</oval:product_name>
+        <oval:product_name>Security Content Tool 1.7.0</oval:product_name>
         <oval:schema_version>5.11</oval:schema_version>
-        <oval:timestamp>2025-09-27T11:04:04</oval:timestamp>
+        <oval:timestamp>2026-01-05T02:28:56</oval:timestamp>
       </generator>
       <definitions>
-        <definition id="oval:mil.disa.stig.rhel9os:def:1" version="1" class="inventory">
+        <definition id="oval:mil.disa.stig.rhel9os:def:1" version="2" class="inventory">
           <metadata>
             <title>RHEL 9 is installed</title>
             <affected family="unix">
@@ -33690,6 +32798,8 @@ Privileged functions include, for example, establishing accounts, performing sys
           </metadata>
           <criteria>
             <criterion test_ref="oval:mil.disa.stig.linux:tst:10000006" comment="The redhat-release package is version 9" />
+            <criterion test_ref="oval:mil.disa.stig.linux:tst:10000009" comment="The TOSS Package is not Installed" />
+            <criterion test_ref="oval:mil.disa.stig.linux:tst:10000010" comment="The Oracle Linux Package is not Installed" />
           </criteria>
         </definition>
       </definitions>
@@ -33698,8 +32808,20 @@ Privileged functions include, for example, establishing accounts, performing sys
           <object object_ref="oval:mil.disa.stig.linux:obj:10000004" />
           <state state_ref="oval:mil.disa.stig.linux:ste:10000004" />
         </rpminfo_test>
+        <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:10000009" version="1" check_existence="none_exist" check="all" comment="The TOSS Package is not Installed">
+          <object object_ref="oval:mil.disa.stig.linux:obj:10000002" />
+        </rpminfo_test>
+        <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:tst:10000010" version="1" check_existence="none_exist" check="all" comment="The Oracle Linux Package is not Installed">
+          <object object_ref="oval:mil.disa.stig.linux:obj:10000003" />
+        </rpminfo_test>
       </tests>
       <objects>
+        <rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:obj:10000002" version="1">
+          <name>toss-release</name>
+        </rpminfo_object>
+        <rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:obj:10000003" version="1">
+          <name>oraclelinux-release</name>
+        </rpminfo_object>
         <rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:mil.disa.stig.linux:obj:10000004" version="1">
           <name>redhat-release</name>
         </rpminfo_object>
diff --git a/tests/data/profile_stability/rhel9/stig.profile b/tests/data/profile_stability/rhel9/stig.profile
index eb98e27fcea8..a09edad3e17e 100644
--- a/tests/data/profile_stability/rhel9/stig.profile
+++ b/tests/data/profile_stability/rhel9/stig.profile
@@ -71,6 +71,7 @@ audit_rules_dac_modification_removexattr
 audit_rules_dac_modification_setxattr
 audit_rules_dac_modification_umount
 audit_rules_dac_modification_umount2
+audit_rules_etc_cron_d
 audit_rules_execution_chacl
 audit_rules_execution_chcon
 audit_rules_execution_semanage
@@ -124,6 +125,7 @@ audit_rules_usergroup_modification_gshadow
 audit_rules_usergroup_modification_opasswd
 audit_rules_usergroup_modification_passwd
 audit_rules_usergroup_modification_shadow
+audit_rules_var_spool_cron
 auditd_audispd_configure_sufficiently_large_partition
 auditd_data_disk_error_action_stig
 auditd_data_disk_full_action_stig
@@ -173,8 +175,8 @@ dconf_gnome_session_idle_user_locks
 dir_group_ownership_library_dirs
 dir_ownership_library_dirs
 dir_permissions_library_dirs
-dir_perms_world_writable_root_owned
 dir_perms_world_writable_sticky_bits
+dir_perms_world_writable_system_owned
 directory_group_ownership_var_log_audit
 directory_groupowner_sshd_config_d
 directory_owner_sshd_config_d
@@ -293,6 +295,7 @@ harden_sshd_ciphers_openssh_conf_crypto_policy
 harden_sshd_ciphers_opensshserver_conf_crypto_policy
 harden_sshd_macs_openssh_conf_crypto_policy
 harden_sshd_macs_opensshserver_conf_crypto_policy
+inactivity_timeout_value=10_minutes
 install_smartcard_packages
 installed_OS_is_vendor_supported
 kernel_module_atm_disabled
@@ -512,7 +515,7 @@ var_auditd_name_format=stig
 var_auditd_space_left_action=email
 var_auditd_space_left_percentage=25pc
 var_authselect_profile=sssd
-var_logind_session_timeout=15_minutes
+var_logind_session_timeout=10_minutes
 var_multiple_time_servers=stig
 var_networkmanager_dns_mode=explicit_default
 var_password_hashing_algorithm=SHA512
diff --git a/tests/data/profile_stability/rhel9/stig_gui.profile b/tests/data/profile_stability/rhel9/stig_gui.profile
index eeeb1424e414..3e50f112d78d 100644
--- a/tests/data/profile_stability/rhel9/stig_gui.profile
+++ b/tests/data/profile_stability/rhel9/stig_gui.profile
@@ -71,6 +71,7 @@ audit_rules_dac_modification_removexattr
 audit_rules_dac_modification_setxattr
 audit_rules_dac_modification_umount
 audit_rules_dac_modification_umount2
+audit_rules_etc_cron_d
 audit_rules_execution_chacl
 audit_rules_execution_chcon
 audit_rules_execution_semanage
@@ -124,6 +125,7 @@ audit_rules_usergroup_modification_gshadow
 audit_rules_usergroup_modification_opasswd
 audit_rules_usergroup_modification_passwd
 audit_rules_usergroup_modification_shadow
+audit_rules_var_spool_cron
 auditd_audispd_configure_sufficiently_large_partition
 auditd_data_disk_error_action_stig
 auditd_data_disk_full_action_stig
@@ -173,8 +175,8 @@ dconf_gnome_session_idle_user_locks
 dir_group_ownership_library_dirs
 dir_ownership_library_dirs
 dir_permissions_library_dirs
-dir_perms_world_writable_root_owned
 dir_perms_world_writable_sticky_bits
+dir_perms_world_writable_system_owned
 directory_group_ownership_var_log_audit
 directory_groupowner_sshd_config_d
 directory_owner_sshd_config_d
@@ -293,6 +295,7 @@ harden_sshd_ciphers_openssh_conf_crypto_policy
 harden_sshd_ciphers_opensshserver_conf_crypto_policy
 harden_sshd_macs_openssh_conf_crypto_policy
 harden_sshd_macs_opensshserver_conf_crypto_policy
+inactivity_timeout_value=10_minutes
 install_smartcard_packages
 installed_OS_is_vendor_supported
 kernel_module_atm_disabled
@@ -510,7 +513,7 @@ var_auditd_name_format=stig
 var_auditd_space_left_action=email
 var_auditd_space_left_percentage=25pc
 var_authselect_profile=sssd
-var_logind_session_timeout=15_minutes
+var_logind_session_timeout=10_minutes
 var_multiple_time_servers=stig
 var_networkmanager_dns_mode=explicit_default
 var_password_hashing_algorithm=SHA512