diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh index 29bfc7be7d2..d9f12fbe2d7 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh index ed9771d0dfd..59dbba17482 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel,multi_platform_ubuntu +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_ubuntu,multi_platform_debian # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}} 
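Review bot: The watch path in `bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules")` is reused unchanged for the newly enabled Debian 12, which ships a merged /usr where `/sbin` is a symlink into `/usr/sbin` and where, as far as I recall, insmod/modprobe/rmmod are themselves symlinks to a single kmod binary; a `-p x` watch placed on the symlink name may not record an execution that resolves to the real binary, so this should be verified on a Debian 12 host before the platform line is relied on. The modprobe hunk on this same line and the rmmod hunk on the next line raise the same question. Once confirmed, a short comment such as `# Debian 12: merged /usr, watch on /sbin/insmod verified to fire on execution` would spare the next reader the same doubt.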
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh index bf0a58b4336..afade41bccb 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml index 035ad30cef6..386996adf55 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204", "debian12"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml index 10bac615f95..9203aa90bcb 100644 
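Review bot: `"debian12"` is added as a hard-coded release in the `perm_x` product list, whereas the rest of this commit gates Debian with `"debian" in product` (the pam_unix_remember bash, ansible and OVAL hunks); the next Debian release would silently get an empty `perm_x` here. Either extend the condition, e.g. `{{%- if product in ["fedora", …, "ubuntu2204"] or "debian" in product %}}`, or add a comment stating why the `-F perm=x` form is opted into per release.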
--- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml @@ -36,6 +36,7 @@ template: name: package_removed vars: pkgname: ypbind + pkgname@debian12: ypbind-mt {{% if product in ["rhel9"] %}} warnings: diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml index 658f8a3e475..be1d7c5e0f2 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml 
@@ -1,21 +1,69 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_all # reboot = false # strategy = configure # complexity = low # disruption = medium -{{% if product in [ "sle12", "sle15" ] %}} -{{%- set accounts_password_pam_unix_remember_file = '/etc/pam.d/common-password' -%}} +{{{ ansible_instantiate_variables("var_password_pam_unix_remember") }}} + +{{% if "ubuntu" in product or "debian" in product %}} +{{% set pam_file='/etc/pam.d/common-password' %}} +{{% set group='password' %}} +{{% set control='\[success=[A-Za-z0-9].*\]' %}} +{{% set module='pam_unix.so' %}} +{{% set option='remember' %}} +{{% set value='{{ var_password_pam_unix_remember }}' %}} +{{% elif product in [ "sle12", "sle15" ] %}} +{{% set pam_file='/etc/pam.d/common-password' %}} {{% else %}} -{{%- set accounts_password_pam_unix_remember_file = '/etc/pam.d/system-auth' -%}} +{{% set pam_file='/etc/pam.d/system-auth' %}} {{% endif %}} -{{{ ansible_instantiate_variables("var_password_pam_unix_remember") }}} +{{% if "ubuntu" in product or "debian" in product %}} + +# Modified version of macro ansible_ensure_pam_module_option(pam_file, group, control, module, option, value='', after_match=''). +# The original macro is designed to search/replace also the control field thus treating the field as a constant and escaping the regex. +# Here we adapt the code to allow using regex on the control field. 
+ +- name: '{{{ rule_title }}} - Check if the required PAM module option is present in {{{ pam_file }}}' + ansible.builtin.lineinfile: + path: "{{{ pam_file }}}" + regexp: ^\s*{{{ group }}}\s+{{{ control }}}\s+{{{ module }}}\s*.*\s{{{ option }}}\b + state: absent + check_mode: true + changed_when: false + register: result_pam_module_{{{ option }}}_option_present + +- name: '{{{ rule_title }}} - Ensure the "{{{ option }}}" PAM option for "{{{ module }}}" is included in {{{ pam_file }}}' + ansible.builtin.lineinfile: + path: "{{{ pam_file }}}" + backrefs: true + regexp: ^(\s*{{{ group }}}\s+{{{ control }}}\s+{{{ module }}}.*) + line: \1 {{{ option }}}={{{ value }}} + state: present + register: result_pam_{{{ option }}}_add + when: + - result_pam_module_{{{ option }}}_option_present.found == 0 -{{{ ansible_pam_pwhistory_enable(accounts_password_pam_unix_remember_file, +- name: '{{{ rule_title }}} - Ensure the required value for "{{{ option }}}" PAM option from "{{{ module }}}" in {{{ pam_file }}}' + ansible.builtin.lineinfile: + path: "{{{ pam_file }}}" + backrefs: true + regexp: ^(\s*{{{ group }}}\s+{{{ control }}}\s+{{{ module }}}\s+.*)({{{ option }}})=[0-9a-zA-Z]+\s*(.*) + line: \1\2={{{ value }}} \3 + register: result_pam_{{{ option }}}_edit + when: + - result_pam_module_{{{ option }}}_option_present.found > 0 + + +{{% else %}} + +{{{ ansible_pam_pwhistory_enable(pam_file, 'requisite', '^password.*requisite.*pam_pwquality\.so') }}} -{{{ ansible_pam_pwhistory_parameter_value(accounts_password_pam_unix_remember_file, +{{{ ansible_pam_pwhistory_parameter_value(pam_file, 'remember', '{{ var_password_pam_unix_remember }}') }}} + +{{% endif %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/ubuntu.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/ubuntu.yml deleted file mode 100644 index 1532858150a..00000000000 
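Review bot: `# platform = multi_platform_all` now applies this remediation to every product, but the `{{% else %}}` branch still hard-codes `/etc/pam.d/system-auth` and the pam_pwhistory macros for anything that is neither Debian-family nor SLE, so products the old list (rhel, fedora, ol, rhv, sle) kept out now receive a RHEL-style edit; confirm that is intended or keep the narrower platform line. The bash/shared.sh hunk of the same rule widens its platform line in the same way. Because the two branches configure different modules, a comment above the first `if` would help, e.g. `# Debian/Ubuntu keep 'remember' on pam_unix.so in common-password; other products enable pam_pwhistory.so`. Separately, the "is included" task appends ` remember=N` to `\1`, which captures the whole matched line (`^(\s*password\s+…\s+pam_unix\.so.*)`), so if the pam_unix line ever carries a trailing `#` comment the option lands inside the comment — capturing only up to the first `#` avoids that.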
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/ubuntu.yml +++ /dev/null 
@@ -1,48 +0,0 @@ -# platform = multi_platform_ubuntu -# reboot = false -# strategy = configure -# complexity = low -# disruption = medium - -{{{ ansible_instantiate_variables("var_password_pam_unix_remember") }}} - -# Modified version of macro ansible_ensure_pam_module_option(pam_file, group, control, module, option, value='', after_match=''). -# The original macro is designed to search/replace also the control field thus treating the field as a constant and escaping the regex. -# Here we adapt the code to allow using regex on the control field. - -{{% set pam_file='/etc/pam.d/common-password' %}} -{{% set group='password' %}} -{{% set control='\[success=[A-Za-z0-9].*\]' %}} -{{% set module='pam_unix.so' %}} -{{% set option='remember' %}} -{{% set value='{{ var_password_pam_unix_remember }}' %}} - -- name: '{{{ rule_title }}} - Check if the required PAM module option is present in {{{ pam_file }}}' - ansible.builtin.lineinfile: - path: "{{{ pam_file }}}" - regexp: ^\s*{{{ group }}}\s+{{{ control }}}\s+{{{ module }}}\s*.*\s{{{ option }}}\b - state: absent - check_mode: true - changed_when: false - register: result_pam_module_{{{ option }}}_option_present - -- name: '{{{ rule_title }}} - Ensure the "{{{ option }}}" PAM option for "{{{ module }}}" is included in {{{ pam_file }}}' - ansible.builtin.lineinfile: - path: "{{{ pam_file }}}" - backrefs: true - regexp: ^(\s*{{{ group }}}\s+{{{ control }}}\s+{{{ module }}}.*) - line: \1 {{{ option }}}={{{ value }}} - state: present - register: result_pam_{{{ option }}}_add - when: - - result_pam_module_{{{ option }}}_option_present.found == 0 - -- name: '{{{ rule_title }}} - Ensure the required value for "{{{ option }}}" PAM option from "{{{ module }}}" in {{{ pam_file }}}' - ansible.builtin.lineinfile: - path: "{{{ pam_file }}}" - backrefs: true - regexp: ^(\s*{{{ group }}}\s+{{{ control }}}\s+{{{ module }}}\s+.*)({{{ option }}})=[0-9a-zA-Z]+\s*(.*) - line: \1\2={{{ value }}} \3 - register: result_pam_{{{ option }}}_edit - 
when: - - result_pam_module_{{{ option }}}_option_present.found > 0 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh index c830c07aa2e..d012e29c415 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh @@ -1,12 +1,18 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_all -{{% if product in [ "sle12", "sle15" ] %}} +{{{ bash_instantiate_variables("var_password_pam_unix_remember") }}} + +{{% if "debian" in product or "ubuntu" in product or product in ["sle12", "sle15" ] %}} {{%- set accounts_password_pam_unix_remember_file = '/etc/pam.d/common-password' -%}} {{% else %}} {{%- set accounts_password_pam_unix_remember_file = '/etc/pam.d/system-auth' -%}} {{% endif %}} -{{{ bash_instantiate_variables("var_password_pam_unix_remember") }}} +{{% if "debian" in product or "ubuntu" in product %}} + +{{{ bash_ensure_pam_module_options(accounts_password_pam_unix_remember_file, 'password', '\[success=[[:alnum:]].*\]', 'pam_unix.so', 'remember', "$var_password_pam_unix_remember", "$var_password_pam_unix_remember") }}} + +{{% else %}} {{{ bash_pam_pwhistory_enable(accounts_password_pam_unix_remember_file, 'requisite', @@ -15,3 +21,6 @@ {{{ bash_pam_pwhistory_parameter_value(accounts_password_pam_unix_remember_file, 'remember', "$var_password_pam_unix_remember") }}} + +{{% endif %}} + 
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/ubuntu.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/ubuntu.sh deleted file mode 100644 index dedfc48a1e9..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/ubuntu.sh +++ /dev/null @@ -1,5 +0,0 @@ -# platform = multi_platform_ubuntu - -{{{ bash_instantiate_variables("var_password_pam_unix_remember") }}} - -{{{ bash_ensure_pam_module_options('/etc/pam.d/common-password', 'password', '\[success=[[:alnum:]].*\]', 'pam_unix.so', 'remember', "$var_password_pam_unix_remember", "$var_password_pam_unix_remember") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/oval/shared.xml index eae79c23ea6..945e014deb0 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/oval/shared.xml @@ -1,4 +1,4 @@ -{{% if product in [ "sle12", "sle15" ] %}} +{{% if product in [ "sle12", "sle15" ] or "debian" in product or "ubuntu" in product %}} {{%- set accounts_password_pam_unix_remember_file = '/etc/pam.d/common-password' -%}} {{% else %}} {{%- set accounts_password_pam_unix_remember_file = '/etc/pam.d/system-auth' -%}} 
@@ -9,150 +9,154 @@ {{{ oval_metadata("The passwords to remember should be set correctly.") }}} - - - - - - - - - - - - - - + + + + + + + + + + + + + + + comment="Remember parameter of pam_unix.so is properly configured"/> + + + check="all" version="1" comment="Check pam_pwhistory.so presence in PAM file"> + version="1"> {{{ accounts_password_pam_unix_remember_file }}} + var_check="at least one" operation="pattern match"/> 1 + id="test_accounts_password_pam_unix_remember_pamd" check="all" version="1" + comment="Check remember parameter is present and correct in PAM file"> + id="object_accounts_password_pam_unix_remember_pamd" version="1"> {{{ accounts_password_pam_unix_remember_file }}} + var_ref="var_accounts_password_pam_unix_remember_pam_param_regex"/> 1 + id="state_accounts_password_pam_unix_remember" version="1"> + var_ref="var_password_pam_unix_remember"/> + datatype="int" comment="number of passwords that should be remembered"/> + + id="test_accounts_password_pam_unix_remember_no_pwhistory_conf" + comment="Check the absence of remember parameter in /etc/security/pwhistory.conf"> + object_ref="object_accounts_password_pam_unix_remember_param_conf"/> + id="object_accounts_password_pam_unix_remember_param_conf" version="1" + comment="Collect the pam_pwhistory.so remember parameter from /etc/security/pwhistory.conf"> ^/etc/security/pwhistory.conf$ + var_ref="var_accounts_password_pam_unix_remember_conf_param_regex"/> 1 + id="test_accounts_password_pam_unix_remember_no_pamd" version="1" + check="all" check_existence="none_exist" + comment="Check remember parameter is absent in PAM file"> + id="test_accounts_password_pam_unix_remember_pwhistory_conf" version="1" + check="all" check_existence="all_exist" + comment="Check remember parameter is present and correct in /etc/security/pwhistory.conf"> + datatype="string" version="1" + comment="The regex is to confirm the pam_pwhistory.so module is enabled"> 
^\s*password\s+(?:(?:requisite)|(?:required))\s+pam_pwhistory\.so.*$ + datatype="string" version="1" + comment="The regex is to collect the pam_pwhistory.so remember paramerter from PAM files"> ^\s*password\b.*\bpam_pwhistory\.so\b.*\bremember=([0-9]*).*$ + datatype="string" version="1" + comment="The regex is to collect the pam_pwhistory.so remember paramerter in pwhistory.conf"> ^\s*remember\s*=\s*([0-9]+) + check="all" check_existence="all_exist" + comment="Test if remember attribute of pam_unix.so is set correctly in {{{ accounts_password_pam_unix_remember_file }}}"> - /etc/pam.d/system-auth - ^\s*password\s+(?:(?:sufficient)|(?:required))\s+pam_unix\.so.*remember=([0-9]*).*$ + {{{ accounts_password_pam_unix_remember_file }}} + ^\s*password\s+(?:(?:sufficient)|(?:required)|(?:\[.*\]))\s+pam_unix\.so.*remember=([0-9]*).*$ 1 + diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/oval/ubuntu.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/oval/ubuntu.xml deleted file mode 100644 index 13ca8a977b7..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/oval/ubuntu.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - {{{ oval_metadata("The passwords to remember should be set correctly.") }}} - - - - - - - - - - - - - /etc/pam.d/common-password - ^\s*password\s+\[.*\]\s+pam_unix\.so.*remember=([0-9]*).*$ - 1 - - - - - - - - - diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml index 3b8210eaea5..99fb2b5abfa 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml 
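Review bot: The added pattern `^\s*password\s+(?:(?:sufficient)|(?:required)|(?:\[.*\]))\s+pam_unix\.so.*remember=([0-9]*).*$` accepts `remember=` with no digits because of `[0-9]*`, so a malformed line yields an empty capture that is presumably compared against the integer variable instead of producing a clear failure; `remember=([0-9]+)` would reject it. The new `\[.*\]` alternative also matches any bracketed control, not only the `[success=N default=ignore]` form the bash and ansible remediations in this commit write (`\[success=[[:alnum:]].*\]`); if accepting any control is deliberate, say so in the element's `comment` attribute. Two of the added `comment` attributes spell "paramerter". The element tags of this hunk did not survive extraction, so the object/state wiring around these lines was not reviewed.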
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml @@ -3,7 +3,7 @@ documentation_complete: true title: 'Limit Password Reuse' -{{% if 'ubuntu' not in product %}} +{{% if 'ubuntu' not in product and 'debian' not in product %}} {{% set configFile = "/etc/pam.d/system-auth" %}} {{% else %}} {{% set configFile = "/etc/pam.d/common-password" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml deleted file mode 100644 index 8ab749d4f7c..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml +++ /dev/null @@ -1,7 +0,0 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -# reboot = false -# strategy = restrict -# complexity = low -# disruption = low -{{{ ansible_pam_faillock_enable() }}} -{{{ ansible_pam_faillock_parameter_value("deny", "var_accounts_passwords_pam_faillock_deny") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh deleted file mode 100644 index 449d912d0dd..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh +++ /dev/null 
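Review bot: `{{% if 'ubuntu' not in product and 'debian' not in product %}}` still selects `/etc/pam.d/system-auth` as `configFile` for SLE, while the bash and OVAL hunks of this same commit put sle12/sle15 on `/etc/pam.d/common-password`; on SLE the rule text will therefore name a file the check does not read. Aligning the condition with the other files, e.g. `{{% if 'ubuntu' not in product and 'debian' not in product and product not in ["sle12", "sle15"] %}}`, keeps the description and the check consistent.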
@@ -1,6 +0,0 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - -{{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}} - -{{{ bash_pam_faillock_enable() }}} -{{{ bash_pam_faillock_parameter_value("deny", "$var_accounts_passwords_pam_faillock_deny") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/openeuler.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/openeuler.xml deleted file mode 100644 index 0abb80d8d5d..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/openeuler.xml +++ /dev/null 
@@ -1,291 +0,0 @@ - - - {{{ oval_metadata("Lockout account after failed login attempts") }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^[\s]*auth\N+pam_unix\.so - - - - ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)?(?=.*?\bnew_authtok_reqd=done\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=die\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail - - - - ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so - - - - ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+) - - - - ^[\s]*deny[\s]*=[\s]*([0-9]+) - - - - - ^/etc/pam.d/system-auth$ - - - 1 - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - - - - - - - - 0 - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - - - - - - - ^/etc/security/faillock.conf$ - - 1 - - - - - - - - - - - - diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/shared.xml deleted file mode 100644 index 4c3b56ba06c..00000000000 
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/shared.xml +++ /dev/null @@ -1,291 +0,0 @@ - - - {{{ oval_metadata("Lockout account after failed login attempts") }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^[\s]*auth\N+pam_unix\.so - - - - ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail - - - - ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so - - - - ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+) - - - - ^[\s]*deny[\s]*=[\s]*([0-9]+) - - - - - ^/etc/pam.d/system-auth$ - - - 1 - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - - - - - - - - 0 - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - - - - - - - ^/etc/security/faillock.conf$ - - 1 - - - - - - - - - - - - 
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/ubuntu.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/ubuntu.xml deleted file mode 100644 index 443a85b2934..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/oval/ubuntu.xml +++ /dev/null @@ -1,201 +0,0 @@ -{{# Very similar OVAL is used in several rules, differing primarily in faillock.so parameter. #}} -{{# For transferability, we define the parameter and corresponding regular expressions in jinja. #}} -{{# The rules should ideally use a single template. #}} - -{{% set prm_name = "deny" %}} -{{% set prm_regex_conf = "^[\s]*deny[\s]*=[\s]*([0-9]+)" %}} -{{% set prm_regex_pamd = "^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+)" %}} -{{% set ext_variable = "var_accounts_passwords_pam_faillock_deny" %}} -{{% set description = "Lockout account after failed login attempts." %}} - - - - {{{ oval_metadata(description) }}} - - - - - - - - - - - - - - - - - - - - - - - - - ^\s*auth.*pam_unix\.so - - - - ^\s*auth\s+required\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc - - - - ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ - - - - {{{ prm_regex_pamd }}} - - - - {{{ prm_regex_conf }}} - - - - - - - - - /etc/pam.d/common-auth - - 1 - - - - - - - - - /etc/pam.d/common-auth - - 1 - - - - - - - - - /etc/pam.d/common-account - - 1 - - - - - - - - - - - - - 0 - - - - - - - - - - - - - - - - /etc/pam.d/common-auth - - 1 - - - - - - - - - - - - - - - - - /etc/security/faillock.conf - - 1 - - 
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml index 41fba880482..dd724d1625d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml @@ -19,7 +19,7 @@ description: |- Where count should be less than or equal to {{{ xccdf_value("var_accounts_passwords_pam_faillock_deny") }}} and greater than 0. {{% endif %}} - {{% if 'ubuntu' not in product %}} + {{% if 'ubuntu' not in product and 'debian' not in product %}} In order to avoid errors when manually editing these files, it is recommended to use the appropriate tools, such as authselect or authconfig, depending on the OS version. @@ -95,7 +95,7 @@ fixtext: |- edit the deny parameter in the following line after the pam_unix.so statement in the auth section, like this:
auth required pam_faillock.so authfail deny={{{ xccdf_value("var_accounts_passwords_pam_faillock_deny") }}} unlock_time={{{ xccdf_value("var_accounts_passwords_pam_faillock_unlock_time") }}} fail_interval={{{ xccdf_value("var_accounts_passwords_pam_faillock_fail_interval") }}}
- {{% elif 'ubuntu' in product %}} + {{% elif 'ubuntu' in product or 'debian' in product %}} Edit /etc/pam.d/common-auth and ensure that faillock is configured. The pam_faillock.so lines surround the pam_unix.so line. The comment "Added to enable faillock" is shown to highlight the additional lines @@ -129,3 +129,14 @@ warnings: srg_requirement: |- {{{ full_name }}} must automatically lock an account when three unsuccessful logon attempts occur. + +template: + name: pam_account_password_faillock + vars: + prm_name: deny + prm_regex_conf: ^[\s]*deny[\s]*=[\s]*([0-9]+) + prm_regex_pamd: ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*deny=([0-9]+) + ext_variable: var_accounts_passwords_pam_faillock_deny + description: Lockout account after failed login attempts. + variable_upper_bound: use_ext_variable + variable_lower_bound: 0 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml deleted file mode 100644 index 039fc519182..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml +++ /dev/null @@ -1,7 +0,0 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -# reboot = false -# strategy = restrict -# complexity = low -# disruption = low -{{{ ansible_pam_faillock_enable() }}} -{{{ ansible_pam_faillock_parameter_value("fail_interval", "var_accounts_passwords_pam_faillock_fail_interval") }}} 
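Review bot: The new `template:` block carries no per-product variation, yet the deleted oval/openeuler.xml differed from the deleted oval/shared.xml in making every control-flag lookahead optional (`(?=...)?` versus `(?=...)`); unless `pam_account_password_faillock` already accounts for openEuler's flag layout, that product's check becomes stricter than before — the template source is outside this diff, so this is inferred rather than seen. A comment on the template block, e.g. `# openEuler previously used relaxed control-flag regexes; template is expected to cover that layout`, would record where that behaviour went. The `prm_regex_*` values are plain YAML scalars, so their backslashes (including `[^\n]`) stay literal, matching the deleted jinja `set` lines.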
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh deleted file mode 100644 index e7a0882f25c..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh +++ /dev/null @@ -1,6 +0,0 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu - -{{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_fail_interval") }}} - -{{{ bash_pam_faillock_enable() }}} -{{{ bash_pam_faillock_parameter_value("fail_interval", "$var_accounts_passwords_pam_faillock_fail_interval") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/oval/shared.xml deleted file mode 100644 index 1e22214cf84..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/oval/shared.xml +++ /dev/null 
@@ -1,285 +0,0 @@ - - - {{{ oval_metadata("The number of allowed failed logins should be set correctly.") }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^[\s]*auth\N+pam_unix\.so - - - - ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail - - - - ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so - - - - ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*fail_interval=([0-9]+) - - - - ^[\s]*fail_interval[\s]*=[\s]*([0-9]+) - - - - - ^/etc/pam.d/system-auth$ - - - 1 - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - - - - - - ^/etc/security/faillock.conf$ - - 1 - - - - - - - - - - - diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/oval/ubuntu.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/oval/ubuntu.xml deleted file mode 100644 index 02a8568e010..00000000000 
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/oval/ubuntu.xml +++ /dev/null @@ -1,195 +0,0 @@ -{{# Very similar OVAL is used in several rules, differing primarily in faillock.so parameter. #}} -{{# For transferability, we define the parameter and corresponding regular expressions in jinja. #}} -{{# The rules should ideally use a single template. #}} - -{{% set prm_name = "fail_interval" %}} -{{% set prm_regex_conf = "^[\s]*fail_interval[\s]*=[\s]*([0-9]+)" %}} -{{% set prm_regex_pamd = "^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*fail_interval=([0-9]+)" %}} -{{% set ext_variable = "var_accounts_passwords_pam_faillock_fail_interval" %}} -{{% set description = "The number of allowed failed logins should be set correctly." %}} - - - - {{{ oval_metadata(description) }}} - - - - - - - - - - - - - - - - - - - - - - - - - ^\s*auth.*pam_unix\.so - - - - ^\s*auth\s+required\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc - - - - ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ - - - - {{{ prm_regex_pamd }}} - - - - {{{ prm_regex_conf }}} - - - - - - - - - /etc/pam.d/common-auth - - 1 - - - - - - - - - /etc/pam.d/common-auth - - 1 - - - - - - - - - /etc/pam.d/common-account - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - /etc/pam.d/common-auth - - 1 - - - - - - - - - - - - - - - - /etc/security/faillock.conf - - 1 - - diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml index f4e2cc50c93..7d785f2d9a3 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml 
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml @@ -17,7 +17,7 @@ description: |- Ensure that the file /etc/security/faillock.conf contains the following entry: fail_interval = <interval-in-seconds> where interval-in-seconds is {{{ xccdf_value("var_accounts_passwords_pam_faillock_fail_interval") }}} or greater. {{% endif %}} - {{% if 'ubuntu' not in product %}} + {{% if 'ubuntu' not in product and 'debian' not in product %}} In order to avoid errors when manually editing these files, it is recommended to use the appropriate tools, such as authselect or authconfig, depending on the OS version. @@ -120,3 +120,13 @@ warnings: be shown in the remediation report. If the system supports the /etc/security/faillock.conf file, the pam_faillock parameters should be defined in faillock.conf file. + +template: + name: pam_account_password_faillock + vars: + prm_name: fail_interval + prm_regex_conf: ^[\s]*fail_interval[\s]*=[\s]*([0-9]+) + prm_regex_pamd: ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*fail_interval=([0-9]+) + ext_variable: var_accounts_passwords_pam_faillock_fail_interval + description: The number of allowed failed logins should be set correctly. + variable_lower_bound: use_ext_variable diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml deleted file mode 100644 index 230ff5eaa3d..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml +++ /dev/null 
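Review bot: The `template:` block added to accounts_passwords_pam_faillock_interval/rule.yml stands in for remediations whose deleted `# platform =` headers covered multi_platform_ubuntu (bash) and multi_platform_rhel, fedora, ol and rhv (ansible), but nothing in this diff shows which platforms the `pam_account_password_faillock` template emits checks and fixes for, so coverage of those products plus debian12 should be confirmed against the template's own metadata. The same applies to the matching template blocks in the accounts_passwords_pam_faillock_unlock_time and accounts_passwords_pam_faillock_deny rule.yml hunks. One consistency point: the deny block sets `variable_upper_bound: use_ext_variable` and `variable_lower_bound: 0` while interval and unlock_time set only `variable_lower_bound: use_ext_variable`; if that asymmetry is deliberate (deny is a ceiling, the other two are floors), a one-line comment above each `vars:` such as `# deny must not exceed the XCCDF value; fail_interval/unlock_time must be at least it` would spare the next reader a trip into the template.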
@@ -1,7 +0,0 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -# reboot = false -# strategy = restrict -# complexity = low -# disruption = low -{{{ ansible_pam_faillock_enable() }}} -{{{ ansible_pam_faillock_parameter_value("unlock_time", "var_accounts_passwords_pam_faillock_unlock_time") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh deleted file mode 100644 index 3a32aad36c0..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh +++ /dev/null @@ -1,6 +0,0 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu - -{{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}} - -{{{ bash_pam_faillock_enable() }}} -{{{ bash_pam_faillock_parameter_value("unlock_time", "$var_accounts_passwords_pam_faillock_unlock_time") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/openeuler.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/openeuler.xml deleted file mode 100644 index 94c1ecaa55c..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/openeuler.xml +++ /dev/null 
@@ -1,285 +0,0 @@ - - - {{{ oval_metadata("The unlock time after number of failed logins should be set correctly.") }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^[\s]*auth\N+pam_unix\.so - - - - ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)?(?=.*?\bnew_authtok_reqd=done\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=die\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail - - - - ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so - - - - ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*unlock_time=([0-9]+) - - - - ^[\s]*unlock_time[\s]*=[\s]*([0-9]+) - - - - - ^/etc/pam.d/system-auth$ - - - 1 - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - - - - - - ^/etc/security/faillock.conf$ - - 1 - - - - - - - - - - - 
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/shared.xml deleted file mode 100644 index 5dd850d8caf..00000000000 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/shared.xml +++ /dev/null 
@@ -1,285 +0,0 @@ - - - {{{ oval_metadata("The unlock time after number of failed logins should be set correctly.") }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^[\s]*auth\N+pam_unix\.so - - - - ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail - - - - ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so - - - - ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*unlock_time=([0-9]+) - - - - ^[\s]*unlock_time[\s]*=[\s]*([0-9]+) - - - - - ^/etc/pam.d/system-auth$ - - - 1 - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - - - - - - - - - ^/etc/pam.d/system-auth$ - - 1 - - - - - - - - - - - - - - ^/etc/pam.d/password-auth$ - - 1 - - - - - - - - - - - - - - ^/etc/security/faillock.conf$ - - 1 - - - - - - - - - - - diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/ubuntu.xml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/ubuntu.xml deleted file mode 100644 index 6f90a6e6a5f..00000000000 
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/oval/ubuntu.xml +++ /dev/null @@ -1,195 +0,0 @@ -{{# Very similar OVAL is used in several rules, differing primarily in faillock.so parameter. #}} -{{# For transferability, we define the parameter and corresponding regular expressions in jinja. #}} -{{# The rules should ideally use a single template. #}} - -{{% set prm_name = "unlock_time" %}} -{{% set prm_regex_conf = "^[\s]*unlock_time[\s]*=[\s]*([0-9]+)" %}} -{{% set prm_regex_pamd = "^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*unlock_time=([0-9]+)" %}} -{{% set ext_variable = "var_accounts_passwords_pam_faillock_unlock_time" %}} -{{% set description = "The unlock time after number of failed logins should be set correctly." %}} - - - - {{{ oval_metadata(description) }}} - - - - - - - - - - - - - - - - - - - - - - - - - ^\s*auth.*pam_unix\.so - - - - ^\s*auth\s+required\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc - - - - ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ - - - - {{{ prm_regex_pamd }}} - - - - {{{ prm_regex_conf }}} - - - - - - - - - /etc/pam.d/common-auth - - 1 - - - - - - - - - /etc/pam.d/common-auth - - 1 - - - - - - - - - /etc/pam.d/common-account - - 1 - - - - - - - - - - - - - - - - - - - - - - - - - /etc/pam.d/common-auth - - 1 - - - - - - - - - - - - - - - - /etc/security/faillock.conf - - 1 - - diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml index ea9414e6b07..e20bb698663 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml 
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml @@ -127,3 +127,13 @@ warnings: be shown in the remediation report. If the system supports the /etc/security/faillock.conf file, the pam_faillock parameters should be defined in faillock.conf file. + +template: + name: pam_account_password_faillock + vars: + prm_name: unlock_time + prm_regex_conf: ^[\s]*unlock_time[\s]*=[\s]*([0-9]+) + prm_regex_pamd: ^[\s]*auth[\s]+.+[\s]+pam_faillock.so[\s]+[^\n]*unlock_time=([0-9]+) + ext_variable: var_accounts_passwords_pam_faillock_unlock_time + description: The unlock time after number of failed logins should be set correctly. + variable_lower_bound: use_ext_variable diff --git a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml index 284f24ca7a4..544f370e22c 100644 --- a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml @@ -4,7 +4,7 @@ documentation_complete: true title: 'Install pam_pwquality Package' description: |- - {{% if 'ubuntu' not in product %}} + {{% if 'ubuntu' not in product and 'debian' not in product %}} {{{ describe_package_install(package="libpwquality") }}} {{% else %}} {{{ describe_package_install(package="libpam-pwquality") }}} @@ -35,7 +35,7 @@ references: ocil_clause: 'the package is not installed' ocil: |- -{{%- if 'ubuntu' not in product %}} +{{%- if 'ubuntu' not in product and 'debian' not in product %}} {{{ ocil_package(package="libpwquality") }}} {{%- else %}} {{{ ocil_package(package="libpam-pwquality") }}} @@ -47,5 +47,6 @@ template: pkgname: libpwquality pkgname@ubuntu2004: libpam-pwquality pkgname@ubuntu2204: libpam-pwquality + pkgname@debian12: libpam-pwquality platform: package[pam] 
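Review bot: In package_pam_pwquality_installed/rule.yml the package override is keyed on the exact product (`pkgname@debian12: libpam-pwquality`) while the description and ocil branches test the substring `'debian' in product`; a later Debian product would render the libpam-pwquality text but fall back to `pkgname: libpwquality` for the actual check and remediation, so the rule would document one package and test for another. Either key the text on the same exact product list or record the convention next to the override, e.g. `# add a pkgname@<product> line for each new Debian product`.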
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/debian.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/debian.sh new file mode 100644 index 00000000000..5324cef7214 --- /dev/null +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/debian.sh @@ -0,0 +1,5 @@ +# platform = multi_platform_debian + +{{{ bash_instantiate_variables("var_password_pam_retry") }}} + +{{{ bash_ensure_pam_module_options('/etc/pam.d/common-password', 'password', 'requisite', 'pam_pwquality.so', 'retry', "$var_password_pam_retry", "$var_password_pam_retry") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/oval/shared.xml index ee1f51d3d4c..4ae8aec49b3 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/oval/shared.xml @@ -1,4 +1,4 @@ -{{% if 'ubuntu' in product %}} +{{% if 'ubuntu' in product or 'debian' in product %}} {{% set configuration_files = ["common-password"] %}} {{% elif product in ['ol8','ol9','rhel8', 'rhel9'] %}} {{% set configuration_files = ["password-auth","system-auth"] %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml index 411a67363a4..aa51339458f 100644 
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml @@ -9,7 +9,7 @@ description: |- Edit the /etc/security/pwquality.conf to include {{% else %}} Edit the pam_pwquality.so statement in - {{% if 'ubuntu' not in product %}} + {{% if 'ubuntu' not in product and 'debian' not in product %}} /etc/pam.d/system-auth to show {{% else %}} /etc/pam.d/common-password to show @@ -63,7 +63,7 @@ ocil: |-
$ grep retry /etc/security/pwquality.conf
{{% else %}} Check for the use of the "pwquality" retry option in the PAM files with the following command: - {{% if 'ubuntu' in product %}} + {{% if 'ubuntu' in product or 'debian' in product %}}
$ grep pam_pwquality /etc/pam.d/common-password
{{% else %}}
$ grep pam_pwquality /etc/pam.d/system-auth
@@ -82,7 +82,7 @@ fixtext: |- retry={{{ xccdf_value("var_password_pam_retry") }}} {{% else %}} - {{% if 'ubuntu' in product %}} + {{% if 'ubuntu' in product or 'debian' in product %}} Add the following line to the "/etc/pam.d/common-password" file (or modify the line to have the required value): {{% else %}} Add the following line to the "/etc/pam.d/system-auth" file (or modify the line to have the required value): diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh index 2712118e5e3..c8a246b9048 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_all {{{ bash_instantiate_variables("var_password_hashing_algorithm") }}} {{{ bash_replace_or_append('/etc/login.defs', '^ENCRYPT_METHOD', "$var_password_hashing_algorithm", '%s %s') }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh index 808365173de..7bdb759f686 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh 
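Review bot: Replacing the explicit product list in the `# platform` header of set_password_hashing_algorithm_logindefs/bash/shared.sh with `multi_platform_all` enables this remediation for every product in the build, not just the Debian target this change is about, while every other hunk in the diff adds Debian by appending `multi_platform_debian` to the existing list. Unless each remaining product is known to ship `/etc/login.defs` with an `ENCRYPT_METHOD` key that its PAM stack honours, the narrower `# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian` matches the rest of the commit; if `multi_platform_all` is intended, a short comment stating why would help.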
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_debian
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
index a40010714fb..7374c21e869 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
@@ -1,9 +1,11 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
 
 {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
 
 {{% if product in ["sle12", "sle15"] %}}
 {{{ bash_ensure_pam_module_configuration('/etc/pam.d/common-password', 'password', 'sufficient', 'pam_unix.so', 'rounds', "$var_password_pam_unix_rounds", '') }}}
+{{% elif product in ["debian12"] %}}
+{{{ bash_ensure_pam_module_configuration('/etc/pam.d/common-password', 'password', '\[success=1 default=ignore\]', 'pam_unix.so', 'rounds', "$var_password_pam_unix_rounds", '') }}}
 {{% else %}}
 {{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'sufficient', 'pam_unix.so', 'rounds', "$var_password_pam_unix_rounds", '') }}}
 {{% endif %}}
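Review bot: The debian12 branch passes the PAM control field as `'\[success=1 default=ignore\]'`, i.e. regex-escaped, whereas the sle and default branches pass the plain word `'sufficient'`; if `bash_ensure_pam_module_configuration` uses that argument both to match an existing line and to write the line when it is absent, the backslashes would land in /etc/pam.d/common-password and PAM would not parse the control field. That cannot be confirmed from this diff, so it is worth checking the macro; if the argument is match-only, a comment above the branch such as `{{# the control field is used as a regex fragment, so the brackets must be escaped #}}` would record that for the next reader.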
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/oval/shared.xml index 40f37245d66..33076d3621c 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/oval/shared.xml @@ -1,4 +1,4 @@ -{{% if product in ["sle12", "sle15"] %}} +{{% if product in ["sle12", "sle15", "debian12"] %}} {{% set pam_passwd_file_path = "/etc/pam.d/common-password" %}} {{% else %}} {{% set pam_passwd_file_path = "/etc/pam.d/password-auth" %}} @@ -19,7 +19,11 @@ ^{{{ pam_passwd_file_path }}}$ + {{% if product in ["debian12"] %}} + ^\s*password\s+.*\s+pam_unix\.so.*rounds=([0-9]*).*$ + {{% else %}} ^\s*password\s+(?:(?:sufficient)|(?:required))\s+pam_unix\.so.*rounds=([0-9]*).*$ + {{% endif %}} 1 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml index f454d4ef615..428b3e6948f 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml 
@@ -3,7 +3,7 @@ documentation_complete: true title: 'Set number of Password Hashing Rounds - password-auth' -{{% if product in ["sle12", "sle15"] %}} +{{% if product in ["sle12", "sle15", "debian12"] %}} {{% set pam_passwd_file_path = "/etc/pam.d/common-password" %}} {{% else %}} {{% set pam_passwd_file_path = "/etc/pam.d/password-auth" %}} @@ -15,8 +15,13 @@ description: |-

In file {{{ pam_passwd_file_path }}} append rounds={{{ xccdf_value("var_password_pam_unix_rounds") }}} to the pam_unix.so entry, as shown below: + {{% if product in ["debian12"] %}} +
password [success=1 default=ignore] pam_unix.so ...existing_options... rounds={{{ xccdf_value("var_password_pam_unix_rounds") }}}
+ {{% else %}}
password sufficient pam_unix.so ...existing_options... rounds={{{ xccdf_value("var_password_pam_unix_rounds") }}}
+ The system's default number of rounds is 5000. + {{% endif %}} rationale: |- Using a higher number of rounds makes password cracking attacks more difficult. @@ -45,7 +50,11 @@ ocil: |- To verify the number of rounds for the password hashing algorithm is configured, run the following command:
$ sudo grep rounds {{{ pam_passwd_file_path }}}
The output should show the following match: + {{% if product in ["debian12"] %}} +
password [sucess=1 default=ignore] pam_unix.so sha512 rounds={{{ xccdf_value("var_password_pam_unix_rounds") }}}
+ {{% else %}}
password sufficient pam_unix.so sha512 rounds={{{ xccdf_value("var_password_pam_unix_rounds") }}}
+ {{% endif %}} platform: package[pam] @@ -54,7 +63,10 @@ fixtext: |- Add or modify the following line in "{{{ pam_passwd_file_path }}}" and set "rounds" to {{{ xccdf_value("var_password_pam_unix_rounds") }}}. For example: - + {{% if product in ["debian12"] %}} + password [sucess=1 default=ignore] pam_unix.so sha512 rounds=5000 + {{% else %}} password sufficient pam_unix.so sha512 rounds=5000 - + {{% endif %}} + srg_requirement: '{{{ full_name }}} shadow password suite must be configured to use a sufficient number of hashing rounds in {{{ pam_passwd_file_path }}}.' diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml index fed8d1e7e33..b49c478adb6 100644 --- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml @@ -20,7 +20,7 @@ description: |- If the system is configured for online updates, invoking the following command will list available security updates:
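Review bot: The ocil and fixtext examples added for debian12 read `password [sucess=1 default=ignore] pam_unix.so sha512 rounds=...`; `sucess` is misspelled, so the ocil output will never match a real line and an administrator who copies the fixtext literally ends up with a control field PAM cannot parse. Both occurrences should read `[success=1 default=ignore]`, as the description hunk and the bash remediation already spell it. Separately, the examples hard-code `sha512` while the same profiles now select set_password_hashing_algorithm_logindefs to drive the algorithm from login.defs; it may be worth confirming that `rounds=` has the intended meaning for whatever hash the Debian default line ends up using, since these examples are what auditors compare against.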
$ sudo zypper refresh && sudo zypper list-patches -g security
-{{% elif 'ubuntu' in product %}} +{{% elif 'ubuntu' in product or 'debian' in product %}} If the system has an apt repository available, run the following command to install updates:
$ apt update && apt full-upgrade
{{% endif %}} diff --git a/products/debian12/product.yml b/products/debian12/product.yml index 93a29d900f3..7077bc2263a 100644 --- a/products/debian12/product.yml +++ b/products/debian12/product.yml @@ -17,6 +17,7 @@ pkg_manager: "apt_get" init_system: "systemd" +oval_feed_url: "https://www.debian.org/security/oval/oval-definitions-bookworm.xml.bz2" cpes_root: "../../shared/applicability" cpes: diff --git a/products/debian12/profiles/anssi_bp28_enhanced.profile b/products/debian12/profiles/anssi_bp28_enhanced.profile index b03c0008011..61111bf85a7 100644 --- a/products/debian12/profiles/anssi_bp28_enhanced.profile +++ b/products/debian12/profiles/anssi_bp28_enhanced.profile 
@@ -13,170 +13,50 @@ description: |- selections: - anssi:all:enhanced - - package_rsyslog_installed - - service_rsyslog_enabled + - 'package_rsyslog_installed' + - 'service_rsyslog_enabled' # PASS_MIN_LEN is handled by PAM on debian systems. - '!accounts_password_minlen_login_defs' + # ANSSI BP 28 suggest using libpam_pwquality, which isn't deployed by default + - 'package_pam_pwquality_installed' + # PAM honour login.defs file for algorithm + - 'set_password_hashing_algorithm_logindefs' # Debian uses apparmor - '!selinux_state' - '!audit_rules_mac_modification' - - apparmor_configured - - all_apparmor_profiles_enforced - - grub2_enable_apparmor - - package_apparmor_installed - - package_pam_apparmor_installed + - '!selinux_policytype' + - 'apparmor_configured' + - 'all_apparmor_profiles_enforced' + - 'grub2_enable_apparmor' + - 'package_apparmor_installed' + - 'package_pam_apparmor_installed' # The following are MLS related rules (not part of ANSSI-BP-028) - '!accounts_polyinstantiated_tmp' - '!accounts_polyinstantiated_var_tmp' + - '!enable_pam_namespace' + # Following rules once had a prodtype incompatible with the debian12 product - - '!sysctl_net_ipv4_conf_default_secure_redirects' - - '!accounts_password_pam_dcredit' - - '!package_sendmail_removed' - - '!partition_for_boot' - - '!sysctl_net_ipv4_conf_all_accept_source_route' - - '!mount_option_home_nosuid' - - '!audit_rules_usergroup_modification_opasswd' + - '!accounts_passwords_pam_tally2_deny_root' + - '!ensure_redhat_gpgkey_installed' + - '!set_password_hashing_algorithm_systemauth' + - '!package_dnf-automatic_installed' - '!accounts_passwords_pam_faillock_deny_root' + - '!dnf-automatic_security_updates_only' - '!cracklib_accounts_password_pam_lcredit' - - '!sysctl_fs_protected_regular' - '!dnf-automatic_apply_updates' - '!cracklib_accounts_password_pam_ocredit' - - '!enable_pam_namespace' - - '!package_talk_removed' - - '!audit_rules_privileged_commands_insmod' - - '!accounts_password_pam_minlen' - 
'!accounts_password_pam_unix_rounds_system_auth' - - '!sudo_dedicated_group' - - '!chronyd_configure_pool_and_server' - - '!grub2_page_poison_argument' - - '!ensure_gpgcheck_local_packages' - - '!grub2_uefi_password' - - '!sysctl_net_ipv6_conf_all_accept_redirects' - - '!audit_rules_usergroup_modification_group' - - '!package_sudo_installed' - - '!package_xinetd_removed' - - '!package_rsh-server_removed' - - '!mount_option_srv_nosuid' - - '!audit_sudo_log_events' - - '!mount_option_boot_noexec' - - '!mount_option_var_tmp_noexec' - - '!sysctl_net_ipv6_conf_default_router_solicitations' - - '!package_ypserv_removed' - - '!mount_option_tmp_nosuid' - - '!service_chronyd_or_ntpd_enabled' - - '!security_patches_up_to_date' - - '!sysctl_net_ipv4_conf_all_rp_filter' - - '!timer_logrotate_enabled' - - '!rsyslog_remote_tls' - - '!accounts_passwords_pam_faillock_unlock_time' - - '!file_permissions_ungroupowned' - - '!set_password_hashing_algorithm_systemauth' - - '!sysctl_net_ipv6_conf_all_accept_ra_defrtr' - - '!package_tftp-server_removed' - - '!package_rsh_removed' - - '!sysctl_net_ipv4_conf_default_accept_redirects' - - '!package_dnf-automatic_installed' - - '!audit_rules_privileged_commands_modprobe' - - '!sysctl_kernel_perf_event_max_sample_rate' - - '!sysctl_net_ipv6_conf_all_accept_ra_pinfo' - - '!sysctl_kernel_perf_cpu_time_max_percent' - '!timer_dnf-automatic_enabled' - '!accounts_passwords_pam_tally2' - - '!accounts_password_pam_unix_remember' - - '!file_permissions_unauthorized_sgid' - - '!sysctl_net_ipv6_conf_all_router_solicitations' - - '!sysctl_net_ipv4_conf_default_rp_filter' - - '!audit_rules_usergroup_modification_shadow' - - '!sudo_add_umask' - - '!sudo_add_env_reset' - - '!package_dhcp_removed' - - '!audit_rules_privileged_commands_kmod' - - '!sysctl_net_ipv6_conf_default_accept_source_route' - - '!sysctl_fs_protected_fifos' - - '!grub2_page_alloc_shuffle_argument' - - '!mount_option_var_noexec' - - '!accounts_password_pam_ucredit' - - 
'!ensure_gpgcheck_never_disabled' - - '!mount_option_opt_nosuid' - - '!partition_for_opt' - - '!sysctl_kernel_sysrq' - - '!sysctl_net_ipv4_ip_forward' - - '!sysctl_net_ipv6_conf_all_accept_ra_rtr_pref' - - '!postfix_network_listening_disabled' - - '!install_PAE_kernel_on_x86-32' - - '!sysctl_kernel_modules_disabled' - - '!audit_rules_usergroup_modification_gshadow' - - '!ensure_redhat_gpgkey_installed' - - '!accounts_passwords_pam_faillock_interval' - - '!sudo_add_ignore_dot' - - '!sysctl_kernel_perf_event_paranoid' - - '!mount_option_var_log_nosuid' - - '!sysctl_net_ipv6_conf_default_autoconf' - - '!sysctl_net_ipv6_conf_default_max_addresses' - - '!sysctl_net_ipv6_conf_default_accept_ra_rtr_pref' - - '!grub2_mds_argument' - - '!audit_rules_privileged_commands_rmmod' - - '!grub2_slub_debug_argument' - - '!dnf-automatic_security_updates_only' - - '!audit_rules_usergroup_modification_passwd' - - '!mount_option_var_log_noexec' - - '!partition_for_usr' - - '!package_telnet-server_removed' - - '!sysctl_net_ipv4_ip_local_port_range' - - '!package_talk-server_removed' - - '!sysctl_kernel_pid_max' - - '!package_ypbind_removed' - - '!sysctl_net_ipv4_conf_default_send_redirects' - - '!mount_option_var_nosuid' - - '!sysctl_net_ipv6_conf_all_max_addresses' - - '!sysctl_net_ipv4_conf_all_accept_redirects' - '!cracklib_accounts_password_pam_ucredit' - - '!sysctl_net_ipv4_conf_all_send_redirects' - - '!sysctl_net_ipv4_conf_all_secure_redirects' + - '!file_permissions_unauthorized_sgid' + - '!ensure_gpgcheck_local_packages' - '!accounts_passwords_pam_tally2_unlock_time' - - '!selinux_policytype' - - '!sysctl_net_ipv4_conf_default_accept_source_route' - - '!cracklib_accounts_password_pam_minlen' - - '!sebool_polyinstantiation_enabled' - - '!accounts_tmout' - - '!mount_option_nodev_nonroot_local_partitions' - - '!package_tftp_removed' - - '!sysctl_net_core_bpf_jit_harden' - - '!grub2_pti_argument' - - '!file_permissions_unauthorized_suid' - - '!package_rsyslog-gnutls_installed' - - 
'!accounts_passwords_pam_tally2_deny_root' - - '!sysctl_net_ipv6_conf_default_accept_redirects' - - '!sysctl_kernel_unprivileged_bpf_disabled' - - '!accounts_passwords_pam_faillock_deny' - - '!accounts_password_pam_unix_rounds_password_auth' - - '!sysctl_vm_mmap_min_addr' - - '!sysctl_net_ipv4_tcp_rfc1337' - - '!sysctl_net_ipv4_tcp_syncookies' - - '!sysctl_kernel_yama_ptrace_scope' - - '!sysctl_net_ipv6_conf_default_accept_ra_pinfo' - - '!accounts_password_pam_ocredit' - - '!accounts_password_pam_lcredit' - - '!no_files_unowned_by_user' - - '!package_dracut-fips-aesni_installed' - - '!mount_option_boot_nosuid' - - '!audit_rules_privileged_commands_sudo' - - '!mount_option_tmp_noexec' - - '!mount_option_home_noexec' - - '!sysctl_net_ipv4_conf_all_drop_gratuitous_arp' - - '!sysctl_net_ipv6_conf_all_accept_source_route' - - '!rsyslog_remote_tls_cacert' - - '!sysctl_net_ipv6_conf_default_accept_ra_defrtr' - '!enable_authselect' - - '!sysctl_net_ipv4_icmp_ignore_bogus_error_responses' - - '!sysctl_kernel_dmesg_restrict' - - '!package_telnet_removed' - - '!grub2_password' - - '!dir_perms_world_writable_root_owned' + - '!cracklib_accounts_password_pam_minlen' - '!cracklib_accounts_password_pam_dcredit' - - '!partition_for_var_tmp' - '!ensure_gpgcheck_globally_activated' - - '!accounts_umask_etc_bashrc' - - '!sysctl_net_ipv6_conf_all_autoconf' + - '!file_permissions_unauthorized_suid' + - '!ensure_gpgcheck_never_disabled' - '!ensure_oracle_gpgkey_installed' - - '!mount_option_var_tmp_nosuid' + - '!package_dracut-fips-aesni_installed' diff --git a/products/debian12/profiles/anssi_bp28_high.profile b/products/debian12/profiles/anssi_bp28_high.profile index b15e6fa7d3e..97db7e1c8d3 100644 --- a/products/debian12/profiles/anssi_bp28_high.profile +++ b/products/debian12/profiles/anssi_bp28_high.profile 
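Review bot: Dropping the `'!…'` exclusions for rules such as `sysctl_kernel_modules_disabled`, `grub2_password`, `grub2_uefi_password`, `audit_rules_privileged_commands_kmod` and `rsyslog_remote_tls` means `anssi:all:enhanced` now selects them for debian12, yet this diff adds Debian applicability to only a handful of rules (the insmod/modprobe/rmmod audit rules, the faillock, pwquality and pam_unix rounds rules, the hashing-algorithm and max_life_root remediations, and security_patches_up_to_date). For the remainder the diff shows no debian12 prodtype, check or fix, so either they already applied to Debian or they will now appear in the profile without a working check or remediation; a pass over the debian12 build output would settle it. The same removals are made in anssi_bp28_high.profile, whose second hunk runs past the end of this view. The comment `# Following rules once had a prodtype incompatible with the debian12 product` now sits above the exclusions that remain, so it reads as past tense for rules that are still excluded; `# Following rules still lack debian12 applicability` would state the current situation.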
@@ -17,9 +17,14 @@ selections:
 - service_rsyslog_enabled
 # PASS_MIN_LEN is handled by PAM on debian systems.
 - '!accounts_password_minlen_login_defs'
+ # ANSSI BP 28 suggest using libpam_pwquality, which isn't deployed by default
+ - 'package_pam_pwquality_installed'
+ # PAM honour login.defs file for algorithm
+ - 'set_password_hashing_algorithm_logindefs'
 # Debian uses apparmor
 - '!selinux_state'
 - '!audit_rules_mac_modification'
+ - '!selinux_policytype'
 - apparmor_configured
 - all_apparmor_profiles_enforced
 - grub2_enable_apparmor
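Review bot: The two new positive selections, `- 'package_pam_pwquality_installed'` and `- 'set_password_hashing_algorithm_logindefs'`, are quoted while every other enabled rule in this hunk is bare (`- apparmor_configured`, `- grub2_enable_apparmor`); the quotes are only needed for the `!`-prefixed exclusions, so `- package_pam_pwquality_installed` and `- set_password_hashing_algorithm_logindefs` would follow the file's convention. The two added comments also read awkwardly; `# ANSSI BP 28 suggests using libpam_pwquality, which is not installed by default` and `# Let PAM honour the hashing algorithm configured in login.defs` say the same thing more clearly. The identical additions in the anssi_bp28_intermediary.profile and anssi_bp28_minimal.profile hunks below have the same quoting and wording.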
@@ -28,194 +33,30 @@ selections:
 # The following are MLS related rules (not part of ANSSI-BP-028)
 - '!accounts_polyinstantiated_tmp'
 - '!accounts_polyinstantiated_var_tmp'
+ - '!enable_pam_namespace'
+ # Following rules once had a prodtype incompatible with the debian12 product
- - '!aide_verify_acls'
- - '!sysctl_net_ipv4_conf_default_secure_redirects'
- - '!accounts_password_pam_dcredit'
- - '!sebool_ssh_sysadm_login'
- - '!package_sendmail_removed'
- - '!kernel_config_refcount_full'
- - '!partition_for_boot'
- - '!sysctl_net_ipv4_conf_all_accept_source_route'
- - '!mount_option_home_nosuid'
- - '!audit_rules_usergroup_modification_opasswd'
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!ensure_redhat_gpgkey_installed'
+ - '!set_password_hashing_algorithm_systemauth'
+ - '!package_dnf-automatic_installed'
 - '!accounts_passwords_pam_faillock_deny_root'
- - '!sysctl_fs_protected_regular'
+ - '!dnf-automatic_security_updates_only'
 - '!cracklib_accounts_password_pam_lcredit'
- - '!kernel_config_sched_stack_end_check'
 - '!dnf-automatic_apply_updates'
 - '!cracklib_accounts_password_pam_ocredit'
- - '!enable_pam_namespace'
- - '!package_talk_removed'
- - '!audit_rules_privileged_commands_insmod'
- - '!accounts_password_pam_minlen'
 - '!accounts_password_pam_unix_rounds_system_auth'
- - '!sudo_dedicated_group'
- - '!chronyd_configure_pool_and_server'
- - '!grub2_page_poison_argument'
- - '!ensure_gpgcheck_local_packages'
- - '!sebool_selinuxuser_execstack'
- - '!grub2_uefi_password'
- - '!sysctl_net_ipv6_conf_all_accept_redirects'
- - '!kernel_config_slab_freelist_hardened'
- - '!audit_rules_usergroup_modification_group'
- - '!package_sudo_installed'
- - '!kernel_config_slab_merge_default'
- - '!package_xinetd_removed'
- - '!package_rsh-server_removed'
- - '!mount_option_srv_nosuid'
- - '!audit_sudo_log_events'
- - '!mount_option_boot_noexec'
- - '!mount_option_var_tmp_noexec'
- - '!kernel_config_gcc_plugin_structleak_byref_all'
- - '!sysctl_net_ipv6_conf_default_router_solicitations'
- - '!package_ypserv_removed'
- - '!mount_option_tmp_nosuid'
- - '!service_chronyd_or_ntpd_enabled'
- - '!sebool_selinuxuser_execheap'
- - '!security_patches_up_to_date'
- - '!sysctl_net_ipv4_conf_all_rp_filter'
- - '!timer_logrotate_enabled'
- - '!rsyslog_remote_tls'
- - '!accounts_passwords_pam_faillock_unlock_time'
- - '!file_permissions_ungroupowned'
- - '!set_password_hashing_algorithm_systemauth'
- - '!sysctl_net_ipv6_conf_all_accept_ra_defrtr'
- - '!package_tftp-server_removed'
- - '!package_rsh_removed'
- - '!sysctl_net_ipv4_conf_default_accept_redirects'
- - '!package_dnf-automatic_installed'
- - '!audit_rules_privileged_commands_modprobe'
- - '!sysctl_kernel_perf_event_max_sample_rate'
- - '!kernel_config_stackprotector_strong'
- - '!sysctl_net_ipv6_conf_all_accept_ra_pinfo'
- - '!sysctl_kernel_perf_cpu_time_max_percent'
- - '!kernel_config_page_poisoning'
 - '!timer_dnf-automatic_enabled'
 - '!accounts_passwords_pam_tally2'
- - '!accounts_password_pam_unix_remember'
- - '!kernel_config_vmap_stack'
- - '!file_permissions_unauthorized_sgid'
- - '!sysctl_net_ipv6_conf_all_router_solicitations'
- - '!sysctl_net_ipv4_conf_default_rp_filter'
- - '!audit_rules_usergroup_modification_shadow'
- - '!sudo_add_umask'
- - '!sudo_add_env_reset'
- - '!package_dhcp_removed'
- - '!aide_scan_notification'
- - '!audit_rules_privileged_commands_kmod'
- - '!sysctl_net_ipv6_conf_default_accept_source_route'
- - '!sysctl_fs_protected_fifos'
- - '!kernel_config_strict_kernel_rwx'
- - '!kernel_config_slab_freelist_random'
- - '!kernel_config_hardened_usercopy'
- - '!grub2_page_alloc_shuffle_argument'
- - '!mount_option_var_noexec'
- - '!accounts_password_pam_ucredit'
- - '!ensure_gpgcheck_never_disabled'
- - '!mount_option_opt_nosuid'
- - '!partition_for_opt'
- - '!sysctl_kernel_sysrq'
- - '!aide_periodic_cron_checking'
- - '!sysctl_net_ipv4_ip_forward'
- - '!sysctl_net_ipv6_conf_all_accept_ra_rtr_pref'
- - '!postfix_network_listening_disabled'
- - '!install_PAE_kernel_on_x86-32'
- - '!sysctl_kernel_modules_disabled'
- - '!sebool_secure_mode_insmod'
- - '!audit_rules_usergroup_modification_gshadow'
- - '!kernel_config_hardened_usercopy_fallback'
- - '!ensure_redhat_gpgkey_installed'
- - '!accounts_passwords_pam_faillock_interval'
- - '!sudo_add_ignore_dot'
- - '!sysctl_kernel_perf_event_paranoid'
- - '!mount_option_var_log_nosuid'
- - '!sysctl_net_ipv6_conf_default_autoconf'
- - '!sysctl_net_ipv6_conf_default_max_addresses'
- - '!kernel_config_gcc_plugin_latent_entropy'
- - '!sysctl_net_ipv6_conf_default_accept_ra_rtr_pref'
- - '!grub2_mds_argument'
- - '!audit_rules_privileged_commands_rmmod'
- - '!package_setroubleshoot-plugins_removed'
- - '!grub2_slub_debug_argument'
- - '!dnf-automatic_security_updates_only'
- - '!audit_rules_usergroup_modification_passwd'
- - '!mount_option_var_log_noexec'
- - '!partition_for_usr'
- - '!package_telnet-server_removed'
- - '!kernel_config_gcc_plugin_stackleak'
- - '!kernel_config_arm64_sw_ttbr0_pan'
- - '!sysctl_net_ipv4_ip_local_port_range'
- - '!package_talk-server_removed'
- - '!sysctl_kernel_pid_max'
- - '!package_ypbind_removed'
- - '!sysctl_net_ipv4_conf_default_send_redirects'
- - '!mount_option_var_nosuid'
- - '!sysctl_net_ipv6_conf_all_max_addresses'
- - '!sysctl_net_ipv4_conf_all_accept_redirects'
 - '!cracklib_accounts_password_pam_ucredit'
- - '!sysctl_net_ipv4_conf_all_send_redirects'
- - '!kernel_config_legacy_vsyscall_xonly'
- - '!sysctl_net_ipv4_conf_all_secure_redirects'
- - '!kernel_config_gcc_plugin_randstruct'
+ - '!file_permissions_unauthorized_sgid'
+ - '!ensure_gpgcheck_local_packages'
 - '!accounts_passwords_pam_tally2_unlock_time'
- - '!selinux_policytype'
- - '!sysctl_net_ipv4_conf_default_accept_source_route'
- - '!cracklib_accounts_password_pam_minlen'
- - '!kernel_config_debug_wx'
- - '!sebool_polyinstantiation_enabled'
- - '!accounts_tmout'
- - '!mount_option_nodev_nonroot_local_partitions'
- - '!package_tftp_removed'
- - '!sysctl_net_core_bpf_jit_harden'
- - '!kernel_config_strict_module_rwx'
- - '!kernel_config_modify_ldt_syscall'
- - '!aide_verify_ext_attributes'
- - '!grub2_pti_argument'
- - '!file_permissions_unauthorized_suid'
- - '!package_rsyslog-gnutls_installed'
- - '!accounts_passwords_pam_tally2_deny_root'
- - '!sysctl_net_ipv6_conf_default_accept_redirects'
- - '!sysctl_kernel_unprivileged_bpf_disabled'
- - '!kernel_config_legacy_vsyscall_none'
- - '!accounts_passwords_pam_faillock_deny'
- - '!accounts_password_pam_unix_rounds_password_auth'
- - '!aide_periodic_checking_systemd_timer'
- - '!sysctl_vm_mmap_min_addr'
- - '!sysctl_net_ipv4_tcp_rfc1337'
- - '!sysctl_net_ipv4_tcp_syncookies'
- - '!sysctl_kernel_yama_ptrace_scope'
- - '!sysctl_net_ipv6_conf_default_accept_ra_pinfo'
- - '!package_dracut-fips-aesni_installed'
- - '!accounts_password_pam_ocredit'
- - '!accounts_password_pam_lcredit'
- - '!no_files_unowned_by_user'
- - '!mount_option_boot_nosuid'
- - '!kernel_config_bug_on_data_corruption'
- - '!kernel_config_legacy_vsyscall_emulate'
- - '!audit_rules_privileged_commands_sudo'
- - '!mount_option_tmp_noexec'
- - '!mount_option_home_noexec'
- - '!sysctl_net_ipv4_conf_all_drop_gratuitous_arp'
- - '!sebool_deny_execmem'
- - '!sysctl_net_ipv6_conf_all_accept_source_route'
- - '!rsyslog_remote_tls_cacert'
- - '!sysctl_net_ipv6_conf_default_accept_ra_defrtr'
- - '!package_setroubleshoot-server_removed'
- - '!kernel_config_stackprotector'
- - '!kernel_config_gcc_plugin_structleak'
 - '!enable_authselect'
- - '!sysctl_net_ipv4_icmp_ignore_bogus_error_responses'
- - '!sysctl_kernel_dmesg_restrict'
- - '!package_telnet_removed'
- - '!grub2_password'
- - '!package_setroubleshoot_removed'
- - '!kernel_config_fortify_source'
- - '!dir_perms_world_writable_root_owned'
+ - '!cracklib_accounts_password_pam_minlen'
 - '!cracklib_accounts_password_pam_dcredit'
- - '!partition_for_var_tmp'
 - '!ensure_gpgcheck_globally_activated'
- - '!accounts_umask_etc_bashrc'
- - '!sysctl_net_ipv6_conf_all_autoconf'
+ - '!file_permissions_unauthorized_suid'
+ - '!ensure_gpgcheck_never_disabled'
 - '!ensure_oracle_gpgkey_installed'
- - '!mount_option_var_tmp_nosuid'
+ - '!package_dracut-fips-aesni_installed'
diff --git a/products/debian12/profiles/anssi_bp28_intermediary.profile b/products/debian12/profiles/anssi_bp28_intermediary.profile
index b45640eecfc..0009703a286 100644
--- a/products/debian12/profiles/anssi_bp28_intermediary.profile
+++ b/products/debian12/profiles/anssi_bp28_intermediary.profile
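Review bot: The comment added at the head of the retained exclusions, `# Following rules once had a prodtype incompatible with the debian12 product`, no longer explains why the rules under it stay disabled, since "once had" says the incompatibility is gone. The survivors are of two kinds: tooling with no Debian counterpart (`enable_authselect`, `package_dnf-automatic_installed`, `ensure_redhat_gpgkey_installed`, `set_password_hashing_algorithm_systemauth`) and checks that are not obviously distribution-specific but are still dropped from the profile (`file_permissions_unauthorized_suid`/`_sgid`, the `ensure_gpgcheck_*`, `cracklib_*` and `pam_tally2*` rules). A one-line comment per group, e.g. `# RHEL-specific tooling, no Debian equivalent` and `# TODO: re-evaluate once a Debian implementation exists`, would let a reader tell a permanent exclusion from a pending one. The same list and comment are repeated in the anssi_bp28_intermediary.profile and anssi_bp28_minimal.profile hunks.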
@@ -20,138 +20,38 @@ selections:
 - anssi:all:intermediary
 # PASS_MIN_LEN is handled by PAM on debian systems.
 - '!accounts_password_minlen_login_defs'
+ # ANSSI BP 28 suggest using libpam_pwquality, which isn't deployed by default
+ - 'package_pam_pwquality_installed'
+ # PAM honour login.defs file for algorithm
+ - 'set_password_hashing_algorithm_logindefs'
 # Debian uses apparmor
 - '!selinux_state'
 # The following are MLS related rules (not part of ANSSI-BP-028)
 - '!accounts_polyinstantiated_tmp'
 - '!accounts_polyinstantiated_var_tmp'
+ - '!enable_pam_namespace'
+ # Following rules once had a prodtype incompatible with the debian12 product
- - '!sysctl_net_ipv4_conf_default_secure_redirects'
- - '!accounts_password_pam_dcredit'
- - '!package_sendmail_removed'
- - '!partition_for_boot'
- - '!sysctl_net_ipv4_conf_all_accept_source_route'
- - '!mount_option_home_nosuid'
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!ensure_redhat_gpgkey_installed'
+ - '!set_password_hashing_algorithm_systemauth'
+ - '!package_dnf-automatic_installed'
 - '!accounts_passwords_pam_faillock_deny_root'
+ - '!dnf-automatic_security_updates_only'
 - '!cracklib_accounts_password_pam_lcredit'
- - '!sysctl_fs_protected_regular'
 - '!dnf-automatic_apply_updates'
 - '!cracklib_accounts_password_pam_ocredit'
- - '!enable_pam_namespace'
- - '!package_talk_removed'
- - '!accounts_password_pam_minlen'
 - '!accounts_password_pam_unix_rounds_system_auth'
- - '!grub2_page_poison_argument'
- - '!ensure_gpgcheck_local_packages'
- - '!grub2_uefi_password'
- - '!sysctl_net_ipv6_conf_all_accept_redirects'
- - '!package_sudo_installed'
- - '!package_xinetd_removed'
- - '!package_rsh-server_removed'
- - '!mount_option_srv_nosuid'
- - '!mount_option_boot_noexec'
- - '!mount_option_var_tmp_noexec'
- - '!sysctl_net_ipv6_conf_default_router_solicitations'
- - '!package_ypserv_removed'
- - '!mount_option_tmp_nosuid'
- - '!security_patches_up_to_date'
- - '!sysctl_net_ipv4_conf_all_rp_filter'
- - '!accounts_passwords_pam_faillock_unlock_time'
- - '!file_permissions_ungroupowned'
- - '!set_password_hashing_algorithm_systemauth'
- - '!sysctl_net_ipv6_conf_all_accept_ra_defrtr'
- - '!package_tftp-server_removed'
- - '!package_rsh_removed'
- - '!sysctl_net_ipv4_conf_default_accept_redirects'
- - '!package_dnf-automatic_installed'
- - '!sysctl_kernel_perf_event_max_sample_rate'
- - '!sysctl_net_ipv6_conf_all_accept_ra_pinfo'
- - '!sysctl_kernel_perf_cpu_time_max_percent'
 - '!timer_dnf-automatic_enabled'
 - '!accounts_passwords_pam_tally2'
- - '!accounts_password_pam_unix_remember'
- - '!file_permissions_unauthorized_sgid'
- - '!sysctl_net_ipv6_conf_all_router_solicitations'
- - '!sysctl_net_ipv4_conf_default_rp_filter'
- - '!sudo_add_umask'
- - '!sudo_add_env_reset'
- - '!package_dhcp_removed'
- - '!sysctl_net_ipv6_conf_default_accept_source_route'
- - '!sysctl_fs_protected_fifos'
- - '!grub2_page_alloc_shuffle_argument'
- - '!mount_option_var_noexec'
- - '!accounts_password_pam_ucredit'
- - '!ensure_gpgcheck_never_disabled'
- - '!mount_option_opt_nosuid'
- - '!partition_for_opt'
- - '!sysctl_kernel_sysrq'
- - '!sysctl_net_ipv4_ip_forward'
- - '!sysctl_net_ipv6_conf_all_accept_ra_rtr_pref'
- - '!postfix_network_listening_disabled'
- - '!ensure_redhat_gpgkey_installed'
- - '!accounts_passwords_pam_faillock_interval'
- - '!sudo_add_ignore_dot'
- - '!sysctl_kernel_perf_event_paranoid'
- - '!mount_option_var_log_nosuid'
- - '!sysctl_net_ipv6_conf_default_autoconf'
- - '!sysctl_net_ipv6_conf_default_max_addresses'
- - '!sysctl_net_ipv6_conf_default_accept_ra_rtr_pref'
- - '!grub2_mds_argument'
- - '!grub2_slub_debug_argument'
- - '!dnf-automatic_security_updates_only'
- - '!mount_option_var_log_noexec'
- - '!partition_for_usr'
- - '!package_telnet-server_removed'
- - '!sysctl_net_ipv4_ip_local_port_range'
- - '!package_talk-server_removed'
- - '!sysctl_kernel_pid_max'
- - '!package_ypbind_removed'
- - '!sysctl_net_ipv4_conf_default_send_redirects'
- - '!mount_option_var_nosuid'
- - '!sysctl_net_ipv6_conf_all_max_addresses'
- - '!sysctl_net_ipv4_conf_all_accept_redirects'
 - '!cracklib_accounts_password_pam_ucredit'
- - '!sysctl_net_ipv4_conf_all_send_redirects'
- - '!sysctl_net_ipv4_conf_all_secure_redirects'
+ - '!file_permissions_unauthorized_sgid'
+ - '!ensure_gpgcheck_local_packages'
 - '!accounts_passwords_pam_tally2_unlock_time'
- - '!sysctl_net_ipv4_conf_default_accept_source_route'
- - '!cracklib_accounts_password_pam_minlen'
- - '!sebool_polyinstantiation_enabled'
- - '!accounts_tmout'
- - '!mount_option_nodev_nonroot_local_partitions'
- - '!package_tftp_removed'
- - '!sysctl_net_core_bpf_jit_harden'
- - '!grub2_pti_argument'
- - '!file_permissions_unauthorized_suid'
- - '!accounts_passwords_pam_tally2_deny_root'
- - '!sysctl_net_ipv6_conf_default_accept_redirects'
- - '!sysctl_kernel_unprivileged_bpf_disabled'
- - '!accounts_passwords_pam_faillock_deny'
- - '!accounts_password_pam_unix_rounds_password_auth'
- - '!sysctl_vm_mmap_min_addr'
- - '!sysctl_net_ipv4_tcp_rfc1337'
- - '!sysctl_net_ipv4_tcp_syncookies'
- - '!sysctl_kernel_yama_ptrace_scope'
- - '!sysctl_net_ipv6_conf_default_accept_ra_pinfo'
- - '!accounts_password_pam_ocredit'
- - '!accounts_password_pam_lcredit'
- - '!no_files_unowned_by_user'
- - '!mount_option_boot_nosuid'
- - '!audit_rules_privileged_commands_sudo'
- - '!mount_option_tmp_noexec'
- - '!mount_option_home_noexec'
- - '!sysctl_net_ipv4_conf_all_drop_gratuitous_arp'
- - '!sysctl_net_ipv6_conf_all_accept_source_route'
- - '!sysctl_net_ipv6_conf_default_accept_ra_defrtr'
 - '!enable_authselect'
- - '!sysctl_net_ipv4_icmp_ignore_bogus_error_responses'
- - '!sysctl_kernel_dmesg_restrict'
- - '!package_telnet_removed'
- - '!grub2_password'
- - '!dir_perms_world_writable_root_owned'
+ - '!cracklib_accounts_password_pam_minlen'
 - '!cracklib_accounts_password_pam_dcredit'
- - '!partition_for_var_tmp'
 - '!ensure_gpgcheck_globally_activated'
- - '!sysctl_net_ipv6_conf_all_autoconf'
+ - '!file_permissions_unauthorized_suid'
+ - '!ensure_gpgcheck_never_disabled'
 - '!ensure_oracle_gpgkey_installed'
- - '!mount_option_var_tmp_nosuid'
diff --git a/products/debian12/profiles/anssi_bp28_minimal.profile b/products/debian12/profiles/anssi_bp28_minimal.profile
index ded77a47463..2508a5d644d 100644
--- a/products/debian12/profiles/anssi_bp28_minimal.profile
+++ b/products/debian12/profiles/anssi_bp28_minimal.profile
@@ -15,55 +15,33 @@ selections:
 - anssi:all:minimal
 # PASS_MIN_LEN is handled by PAM on debian systems.
 - '!accounts_password_minlen_login_defs'
+ # ANSSI BP 28 suggest using libpam_pwquality, which isn't deployed by default
+ - 'package_pam_pwquality_installed'
+ # PAM honour login.defs file for algorithm
+ - 'set_password_hashing_algorithm_logindefs'
 # Following rules once had a prodtype incompatible with the debian12 product
- - '!package_ypserv_removed'
- - '!accounts_password_pam_dcredit'
 - '!accounts_passwords_pam_tally2_deny_root'
- - '!security_patches_up_to_date'
- - '!package_sendmail_removed'
 - '!ensure_redhat_gpgkey_installed'
- - '!accounts_passwords_pam_faillock_deny'
- - '!accounts_password_pam_unix_rounds_password_auth'
- - '!accounts_passwords_pam_faillock_unlock_time'
- - '!accounts_passwords_pam_faillock_interval'
- - '!file_permissions_ungroupowned'
 - '!set_password_hashing_algorithm_systemauth'
- - '!package_tftp-server_removed'
- - '!package_rsh_removed'
 - '!package_dnf-automatic_installed'
- - '!no_files_unowned_by_user'
 - '!accounts_passwords_pam_faillock_deny_root'
- - '!accounts_password_pam_ocredit'
- - '!accounts_password_pam_lcredit'
 - '!dnf-automatic_security_updates_only'
 - '!cracklib_accounts_password_pam_lcredit'
 - '!dnf-automatic_apply_updates'
 - '!cracklib_accounts_password_pam_ocredit'
- - '!package_telnet-server_removed'
- - '!package_talk_removed'
- - '!accounts_password_pam_minlen'
- - '!package_talk-server_removed'
- - '!package_ypbind_removed'
 - '!accounts_password_pam_unix_rounds_system_auth'
 - '!timer_dnf-automatic_enabled'
 - '!accounts_passwords_pam_tally2'
 - '!cracklib_accounts_password_pam_ucredit'
- - '!accounts_password_pam_unix_remember'
 - '!file_permissions_unauthorized_sgid'
 - '!ensure_gpgcheck_local_packages'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!enable_authselect'
 - '!cracklib_accounts_password_pam_minlen'
- - '!package_dhcp_removed'
- - '!package_telnet_removed'
- - '!dir_perms_world_writable_root_owned'
 - '!cracklib_accounts_password_pam_dcredit'
- - '!package_xinetd_removed'
 - '!ensure_gpgcheck_globally_activated'
- - '!package_tftp_removed'
- - '!package_rsh-server_removed'
- - '!accounts_password_pam_ucredit'
 - '!file_permissions_unauthorized_suid'
 - '!ensure_gpgcheck_never_disabled'
 - '!ensure_oracle_gpgkey_installed'
+
diff --git a/shared/macros/10-bash.jinja b/shared/macros/10-bash.jinja
index 8244b856b7d..baa008f4f05 100644
--- a/shared/macros/10-bash.jinja
+++ b/shared/macros/10-bash.jinja
@@ -783,7 +783,7 @@ authselect enable-feature {{{ feature }}}
 #}}
 {{%- macro bash_enable_pam_faillock_directly_in_pam_files() -%}}
-{{% if 'ubuntu' in product %}}
+{{% if 'ubuntu' in product or 'debian' in product %}}
 pam_file="/etc/pam.d/common-auth"
 if ! grep -qE '^\s*auth\s+required\s+pam_faillock\.so\s+preauth.*$' "$pam_file" ; then
 # insert at the top
diff --git a/shared/templates/accounts_password/ansible.template b/shared/templates/accounts_password/ansible.template
index b324dc01a35..f25e7cc5428 100644
--- a/shared/templates/accounts_password/ansible.template
+++ b/shared/templates/accounts_password/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_all
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/accounts_password/bash.template b/shared/templates/accounts_password/bash.template
index 46e98c1471a..372db9e6140 100644
--- a/shared/templates/accounts_password/bash.template
+++ b/shared/templates/accounts_password/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_all
 # reboot = false
 # strategy = restrict
 # complexity = low
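Review bot: Extending the `'ubuntu' in product` branch to Debian reuses only the `common-auth` handling, but the new OVAL template in this same diff also requires `^\s*account\s+required\s+pam_faillock\.so` in `/etc/pam.d/common-account` on Debian and Ubuntu (see its `generate_test_faillock_account (file_stem="common", file="common-account")` call). If the rest of this macro does not also insert that `account` line, the Debian remediation will leave the check failing; the macro body continues outside the hunk, so that cannot be confirmed here. The `grep -qE` guard on the visible line only looks for the `preauth` entry, so a comment such as `# NOTE: common-account must also carry 'account required pam_faillock.so' for the OVAL check to pass` would make the contract explicit to whoever maintains the branch.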
diff --git a/shared/templates/audit_rules_privileged_commands/bash.template b/shared/templates/audit_rules_privileged_commands/bash.template
index 63dfcb06cca..21121564e81 100644
--- a/shared/templates/audit_rules_privileged_commands/bash.template
+++ b/shared/templates/audit_rules_privileged_commands/bash.template
@@ -1,7 +1,7 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204", "debian12"] %}}
 {{%- set perm_x=" -F perm=x" %}}
 {{%- endif %}}
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_all
 ACTION_ARCH_FILTERS="-a always,exit"
 OTHER_FILTERS="-F path={{{ PATH }}}{{{ perm_x }}}"
diff --git a/shared/templates/audit_rules_privileged_commands/oval.template b/shared/templates/audit_rules_privileged_commands/oval.template
index 7ef67818cbf..617df29299d 100644
--- a/shared/templates/audit_rules_privileged_commands/oval.template
+++ b/shared/templates/audit_rules_privileged_commands/oval.template
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204", "debian12"] %}}
 {{%- set perm_x="(?:[\s]+-F[\s]+perm=x)" %}}
 {{%- endif %}}
diff --git a/shared/templates/audit_rules_usergroup_modification/bash.template b/shared/templates/audit_rules_usergroup_modification/bash.template
index 62faac341c9..bff0ed51210 100644
--- a/shared/templates/audit_rules_usergroup_modification/bash.template
+++ b/shared/templates/audit_rules_usergroup_modification/bash.template
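Review bot: Switching the platform line to `multi_platform_all` enables this remediation on every product, yet `perm_x` is still only set inside the explicit allow-list on the first line, so any product outside that list (openeuler, for instance, which the faillock OVAL template in this diff special-cases) now renders `OTHER_FILTERS="-F path=..."` with no `-F perm=x` and, presumably, an empty `{{{ perm_x }}}`. If the intent is only to add Debian, appending `multi_platform_debian` to the existing platform list is the narrower change and keeps the platform set and the `perm_x` allow-list aligned. If `multi_platform_all` is intended, a comment above the allow-list such as `# products outside this list deliberately audit the path without -F perm=x` would document the asymmetry. The same widening to `multi_platform_all` is made in the audit_rules_usergroup_modification and accounts_password templates.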
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_all
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
diff --git a/shared/templates/pam_account_password_faillock/ansible.template b/shared/templates/pam_account_password_faillock/ansible.template
new file mode 100644
index 00000000000..5e1161920e5
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/ansible.template
@@ -0,0 +1,7 @@
+# platform = multi_platform_all
+# reboot = false
+# strategy = restrict
+# complexity = low
+# disruption = low
+{{{ ansible_pam_faillock_enable() }}}
+{{{ ansible_pam_faillock_parameter_value(PRM_NAME, EXT_VARIABLE) }}}
diff --git a/shared/templates/pam_account_password_faillock/bash.template b/shared/templates/pam_account_password_faillock/bash.template
new file mode 100644
index 00000000000..e46c3b85197
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/bash.template
@@ -0,0 +1,6 @@
+# platform = multi_platform_all
+
+{{{ bash_instantiate_variables(EXT_VARIABLE) }}}
+
+{{{ bash_pam_faillock_enable() }}}
+{{{ bash_pam_faillock_parameter_value(PRM_NAME, '$'+EXT_VARIABLE) }}}
diff --git a/shared/templates/pam_account_password_faillock/oval.template b/shared/templates/pam_account_password_faillock/oval.template
new file mode 100644
index 00000000000..34174e89664
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/oval.template
@@ -0,0 +1,335 @@ + + + {{{ oval_metadata(DESCRIPTION) }}} + + {{% if 'debian' in product or 'ubuntu' in product %}} + + + + + + + + + + + + + + + + + + + + + + + {{% else %}} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + {{% endif %}} + + + + + ^\s*auth\N+pam_unix\.so + + + + {{% if 'debian' in product or 'ubuntu' in product %}} + ^\s*auth\s+required\s+pam_faillock\.so.*preauth.*[\s\S]*^\s*auth.*pam_unix\.so[\s\S]*^\s*auth\s+\[default=die\]\s+pam_faillock\.so\s+authfail[\s\S]*^\s*auth\s+sufficient\s+pam_faillock\.so\s+authsucc + {{% elif 'openeuler' in product %}} + ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)?(?=.*?\bnew_authtok_reqd=done\b)?(?=.*?\bdefault=ignore\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=die\b)?.*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail + {{% else %}} + ^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+preauth[\s\S]*^[\s]*auth[\s]+(sufficient|\[(?=.*\bsuccess=done\b)(?=.*?\bnew_authtok_reqd=done\b)(?=.*?\bdefault=ignore\b).*\])[\s]+pam_unix\.so[\s\S]*^[\s]*auth[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\w\d=]+authfail + {{% endif %}} + + + + {{% if 'debian' in product or 'ubuntu' in product %}} + ^\s*account\s+required\s+pam_faillock\.so\s*(#.*)?$ + {{% elif 'openeuler' in product %}} + 
^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_unix\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)?(?=.*?\bnew_authtok_reqd=ok\b)?(?=.*?\bignore=ignore\b)?(?=.*?\bdefault=bad\b)?.*\])[\s]+pam_faillock\.so + {{% else %}} + ^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_faillock\.so[\s\S]*^[\s]*account[\s]+(required|\[(?=.*?\bsuccess=ok\b)(?=.*?\bnew_authtok_reqd=ok\b)(?=.*?\bignore=ignore\b)(?=.*?\bdefault=bad\b).*\])[\s]+pam_unix\.so + {{% endif %}} + + + + {{{ PRM_REGEX_PAMD }}} + + + + {{{ PRM_REGEX_CONF }}} + + + {{% macro generate_test_faillock_enabled(file_stem) %}} + + + + + + + /etc/pam.d/{{{file_stem}}}-auth + + 1 + + + + + + + + + /etc/pam.d/{{{ file_stem }}}-auth + + 1 + + {{% endmacro %}} + + {{{ generate_test_faillock_enabled (file_stem="system") }}} + {{{ generate_test_faillock_enabled (file_stem="password") }}} + {{{ generate_test_faillock_enabled (file_stem="common") }}} + + {{% macro generate_test_faillock_account(file_stem, file) %}} + + + + + + + /etc/pam.d/{{{ file }}} + + 1 + + {{% endmacro %}} + + {{{ generate_test_faillock_account (file_stem="system", file="system-auth") }}} + {{{ generate_test_faillock_account (file_stem="password", file="password-auth") }}} + {{{ generate_test_faillock_account (file_stem="common", file="common-account") }}} + + {{% macro generate_check_parameter_in_pam_file(file_stem) %}} + + + + + + + + + {{% if VARIABLE_UPPER_BOUND is defined and VARIABLE_UPPER_BOUND != "none" %}} + + {{% endif %}} + {{% if VARIABLE_LOWER_BOUND is defined and VARIABLE_LOWER_BOUND != "none" %}} + + {{% endif %}} + + + + /etc/pam.d/{{{ file_stem }}}-auth + + 1 + + {{% endmacro %}} + + + + + + {{% if VARIABLE_UPPER_BOUND is defined and VARIABLE_UPPER_BOUND != "none" %}} + + {{% if VARIABLE_UPPER_BOUND == "use_ext_variable" %}} + + {{% elif 
VARIABLE_UPPER_BOUND is number %}} + {{{ VARIABLE_UPPER_BOUND }}} + {{% else %}} + + {{% endif %}} + + {{% endif %}} + + {{% if VARIABLE_LOWER_BOUND is defined and VARIABLE_LOWER_BOUND != "none" %}} + + {{% if VARIABLE_LOWER_BOUND == "use_ext_variable" %}} + + {{% elif VARIABLE_LOWER_BOUND is number %}} + {{{ VARIABLE_LOWER_BOUND }}} + {{% else %}} + + {{% endif %}} + + {{% endif %}} + + {{{ generate_check_parameter_in_pam_file (file_stem="system") }}} + {{{ generate_check_parameter_in_pam_file (file_stem="password") }}} + {{{ generate_check_parameter_in_pam_file (file_stem="common") }}} + + + + + {{% if VARIABLE_UPPER_BOUND is defined and VARIABLE_UPPER_BOUND != "none" %}} + + {{% endif %}} + {{% if VARIABLE_LOWER_BOUND is defined and VARIABLE_LOWER_BOUND != "none" %}} + + {{% endif %}} + + + + + + + + + /etc/security/faillock.conf + + 1 + + + diff --git a/shared/templates/pam_account_password_faillock/template.yml b/shared/templates/pam_account_password_faillock/template.yml new file mode 100644 index 00000000000..b57de6fbb63 --- /dev/null +++ b/shared/templates/pam_account_password_faillock/template.yml @@ -0,0 +1,4 @@ +supported_languages: + - ansible + - bash + - oval diff --git a/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh b/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh new file mode 100644 index 00000000000..b3232cc93ec --- /dev/null +++ b/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh 
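Review bot: In the `'openeuler' in product` branches of both the auth and the account regex, every lookahead carries a trailing `?` (e.g. `(?=.*?\bsuccess=ok\b)?`), which makes each assertion optional and therefore a no-op, so the bracketed control field `\[ ... \]` is effectively unconstrained there while the default branch insists on the exact `success=ok`/`default=bad` combination. If openeuler genuinely needs to accept any control flags, a template comment such as `{{# openeuler: control field intentionally left unconstrained #}}` above those branches would stop the next reader from "fixing" it; if not, dropping the trailing `?` brings it in line with the default branch. The Debian/Ubuntu auth regex pins `authfail` to `[default=die]` and `authsucc` to `sufficient`, so it is worth confirming that the bash remediation in this diff writes exactly those control values, since only its `preauth` guard is visible here.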
@@ -0,0 +1,12 @@
+#!/bin/bash
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# remediation = none
+
+SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+
+# This modification will break the integrity checks done by authselect.
+if ! $(grep -q "^[^#].*pam_pwhistory\.so.*remember=" $SYSTEM_AUTH_FILE); then
+ sed -i "/^password.*requisite.*pam_pwquality\.so/a password requisite pam_pwhistory.so" $SYSTEM_AUTH_FILE
+else
+ sed -i "s/\(.*pam_pwhistory\.so.*remember=\)[[:digit:]]\+\s\(.*\)/\1/g" $SYSTEM_AUTH_FILE
+fi
diff --git a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh
new file mode 100644
index 00000000000..24f5731f63d
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# packages = authselect,pam
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+
+pam_files=("password-auth" "system-auth")
+
+authselect create-profile testingProfile --base-on minimal
+
+CUSTOM_PROFILE_DIR="/etc/authselect/custom/testingProfile"
+
+authselect select --force custom/testingProfile
+
+truncate -s 0 /etc/security/faillock.conf
+
+echo "deny = 3" > /etc/security/faillock.conf
+
+{{{ bash_pam_faillock_enable() }}}
+
+for file in ${pam_files[@]}; do
+ if grep -qP "auth.*faillock\.so.*preauth" $CUSTOM_PROFILE_DIR/$file; then
+ sed -i "/^\s*auth.*faillock\.so.*preauth/ s/$/deny=3/" \
+ "$CUSTOM_PROFILE_DIR/$file"
+ else
+ sed -i "0,/^\s*auth.*/i auth required pam_faillock.so preauth deny=3" \
+ "$CUSTOM_PROFILE_DIR/$file"
+ fi
+done
+
+
+authselect apply-changes
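Review bot: `if ! $(grep -q "^[^#].*pam_pwhistory\.so.*remember=" $SYSTEM_AUTH_FILE); then` runs grep inside a command substitution and then tries to execute its (empty) output as a command; it only works because bash falls back to the substitution's exit status when the resulting command line is empty (ShellCheck SC2091). `if ! grep -q "^[^#].*pam_pwhistory\.so.*remember=" "$SYSTEM_AUTH_FILE"; then` is the direct form, and quoting `"$SYSTEM_AUTH_FILE"` in the two `sed -i` calls removes the remaining unquoted expansions. A reader of a faillock test will also wonder why a pwhistory line is edited; extending the existing comment to `# This modification will break the integrity checks done by authselect; any local edit to the managed file is enough, the pwhistory line is just a convenient target.` answers that on the spot.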
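Review bot: `sed -i "/^\s*auth.*faillock\.so.*preauth/ s/$/deny=3/"` appends `deny=3` directly to the end of the matched line with no separator, so a line ending in `preauth silent` becomes `preauth silentdeny=3`, one malformed argument rather than the conflicting `deny=3` setting this scenario is meant to create; `s/$/ deny=3/` (with the leading space) is what is intended. Separately, `for file in ${pam_files[@]}` and `$CUSTOM_PROFILE_DIR/$file` in the `grep -qP` call are unquoted while the same path is quoted in both `sed` invocations two lines later; `for file in "${pam_files[@]}"` and `"$CUSTOM_PROFILE_DIR/$file"` keep them consistent. `truncate -s 0 /etc/security/faillock.conf` followed by `echo "deny = 3" > /etc/security/faillock.conf` is redundant, since `>` already truncates the file.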
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh
new file mode 100644
index 00000000000..aa3ca061de7
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# packages = authselect
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# remediation = none
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+authselect select sssd --force
+authselect enable-feature with-faillock
+# This test scenario simulates conflicting settings in pam and faillock.conf files.
+# It means that authselect is not properly configured and may have a unexpected behaviour. The
+# authselect integrity check will fail and the remediation will be aborted in order to preserve
+# intentional changes. In this case, an informative message will be shown in the remediation report.
+sed -i --follow-symlinks 's/\(pam_faillock.so \(preauth silent\|authfail\)\).*$/\1 deny=3/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
+> /etc/security/faillock.conf
+echo "deny = 3" >> /etc/security/faillock.conf
+echo "silent" >> /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh
new file mode 100644
index 00000000000..579e5670ea1
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh
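Review bot: The explanatory comment block has a grammatical slip, `may have a unexpected behaviour`, which should read `may have an unexpected behaviour`. The `sed` pattern `\(preauth silent\|authfail\)` hard-codes the `preauth silent` form, so if the sssd profile ever writes a `preauth` line without `silent` that line is left untouched and the scenario would no longer produce the PAM-side `deny=3` it describes; a one-line comment, `# relies on the sssd profile emitting 'preauth silent' verbatim`, would document that assumption for whoever sees the test stop failing.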
@@ -0,0 +1,15 @@
+#!/bin/bash
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+{{%- if product in ["rhel7"] %}}
+# packages = authconfig
+{{%- else %}}
+# packages = authselect
+{{%- endif %}}
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+if [ -f /usr/sbin/authconfig ]; then
+ authconfig --disablefaillock --update
+else
+ authselect select sssd --force
+ authselect disable-feature with-faillock
+fi
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh
new file mode 100644
index 00000000000..e770e300f52
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# packages = authselect
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+authselect select sssd --force
+authselect enable-feature with-faillock
+> /etc/security/faillock.conf
+echo "deny = 3" >> /etc/security/faillock.conf
+echo "silent" >> /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_pam_files.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_pam_files.pass.sh
new file mode 100644
index 00000000000..24936609706
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_pam_files.pass.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# packages = authconfig
+# platform = Oracle Linux 7,Red Hat Enterprise Linux 7,multi_platform_fedora
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+authconfig --enablefaillock --faillockargs="deny=3" --update
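Review bot: The platform line admits multi_platform_sle and multi_platform_rhv, but the two branches only know authconfig or authselect (`# packages = authselect` on everything but rhel7); if those products do not ship authselect — SLE manages PAM through pam-config as far as I know — the scenario cannot be prepared there and the test errors during setup instead of failing on the rule. Either narrow the platform list to the products the branches cover, or add a pam-config branch. The same platform/branch pairing is used in pam_faillock_not_required_pam_files.fail.sh. As a style point, `command -v authconfig >/dev/null` is the conventional probe rather than `[ -f /usr/sbin/authconfig ]`.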
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh
new file mode 100644
index 00000000000..fd57152b8c4
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# packages = authselect
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+authselect select sssd --force
+authselect enable-feature with-faillock
+> /etc/security/faillock.conf
+echo "deny = 5" >> /etc/security/faillock.conf
+echo "silent" >> /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_pam_files.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_pam_files.fail.sh
new file mode 100644
index 00000000000..34405f59422
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_pam_files.fail.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# packages = authconfig
+# platform = Oracle Linux 7,Red Hat Enterprise Linux 7,multi_platform_fedora
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+authconfig --enablefaillock --faillockargs="deny=5" --update
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
new file mode 100644
index 00000000000..efb57601cb9
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+# packages = authselect
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# remediation = none
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+authselect select sssd --force
+authselect enable-feature with-faillock
+# Ensure the parameters only in /etc/security/faillock.conf
+sed -i --follow-symlinks 's/\(pam_faillock.so \(preauth silent\|authfail\)\).*$/\1/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
+> /etc/security/faillock.conf
+echo "deny = 3" >> /etc/security/faillock.conf
+echo "silent" >> /etc/security/faillock.conf
+
+# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
+# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
+# in order to preserve intentional changes.
+echo "auth sufficient pam_unix.so" >> /etc/pam.d/password-auth
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh
new file mode 100644
index 00000000000..dbc12db6b9f
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_pam_files.fail.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+# packages = authconfig
+# platform = Oracle Linux 7,Red Hat Enterprise Linux 7,multi_platform_fedora
+# remediation = none
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+authconfig --enablefaillock --faillockargs="deny=3" --update
+
+# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
+# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
+# in order to preserve intentional changes.
+echo "auth sufficient pam_unix.so" >> /etc/pam.d/password-auth
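Review bot: `echo "auth sufficient pam_unix.so" >> /etc/pam.d/password-auth` appends the duplicate after the last line of the file, i.e. after the account/password/session entries and after whatever currently closes the auth stack; PAM still groups it with the auth type, but the fixture does not resemble a realistic duplicate placed next to the existing pam_unix.so line, and only password-auth is touched while system-auth stays clean. If the check counts `auth` lines loading pam_unix.so per file, that is enough, and a one-line comment saying that the position and the single file are intentional would spare the next reader the question; otherwise insert the line with sed directly after the existing `auth` pam_unix.so entry. The same construction is used in pam_faillock_multiple_pam_unix_pam_files.fail.sh on this line and in ubuntu_multiple_pam_unix.fail.sh further down.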
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh
new file mode 100644
index 00000000000..b780f320362
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+{{%- if product in ["rhel7"] %}}
+# packages = authconfig
+{{%- else %}}
+# packages = authselect
+# remediation = none
+{{%- endif %}}
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+# This test scenario manually modify the pam_faillock.so entries in auth section from
+# "required" to "sufficient". This makes pam_faillock.so behave differently than initially
+# intentioned. We catch this, but we can't safely remediate in an automated way.
+if [ -f /usr/sbin/authconfig ]; then
+ authconfig --enablefaillock --faillockargs="deny=3" --update
+else
+ authselect select sssd --force
+ authselect enable-feature with-faillock
+ sed -i --follow-symlinks 's/\(pam_faillock.so \(preauth silent\|authfail\)\).*$/\1 deny=3/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
+fi
+sed -i --follow-symlinks 's/\(^\s*auth\s*\)\(\s.*\)\(pam_faillock\.so.*$\)/\1 sufficient \3/g' /etc/pam.d/system-auth /etc/pam.d/password-auth
+if [ -f /etc/security/faillock.conf ]; then
+ > /etc/security/faillock.conf
+fi
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh
new file mode 100644
index 00000000000..595b85192da
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh
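Review bot: `# remediation = none` is set only in the authselect branch of the Jinja block, yet the comment states without qualification that "we can't safely remediate in an automated way"; on rhel7 the remediation is evidently expected to pass, presumably because `authconfig --update` regenerates the PAM files, and the comment should say so, e.g. `# On authconfig-based systems the remediation regenerates the PAM files, so it is expected to succeed there.` Two wording fixes in the same comment: `manually modify` → `manually modifies` and `intentioned` → `intended`. The sed that forces `sufficient` also drops the original control word through the unused `\(\s.*\)` group, which is fine for this scenario but deserves a word since the same pattern would discard any `[...]` action syntax on that line.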
@@ -0,0 +1,10 @@
+#!/bin/bash
+# packages = authselect
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+authselect select sssd --force
+authselect enable-feature with-faillock
+> /etc/security/faillock.conf
+echo "deny = 2" >> /etc/security/faillock.conf
+echo "silent" >> /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_pam_files.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_pam_files.pass.sh
new file mode 100644
index 00000000000..03f93edaa4f
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_pam_files.pass.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# packages = authconfig
+# platform = Oracle Linux 7,Red Hat Enterprise Linux 7,multi_platform_fedora
+# variables = var_accounts_passwords_pam_faillock_deny=3
+
+authconfig --enablefaillock --faillockargs="deny=2" --update
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_commented_values.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_commented_values.fail.sh
new file mode 100644
index 00000000000..06e07a9d968
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_commented_values.fail.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# platform = multi_platform_ubuntu
+
+source ubuntu_common.sh
+
+sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-auth
+sed -i 's/\(^.*pam_faillock\.so.*\)/# \1/' /etc/pam.d/common-account
+
+echo "#deny=1" > /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_common.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_common.sh
new file mode 100644
index 00000000000..e64fb3528e8
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_common.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Create passing pam.d files based on defaults from a clean installation of Ubuntu 22.04 LTS
+# Extra comments and whitespaces were added to test for edge cases
+
+cat >/etc/pam.d/common-auth </etc/pam.d/common-account < /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_correct_pamd.pass.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_correct_pamd.pass.sh
new file mode 100644
index 00000000000..e6d203a01c5
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_correct_pamd.pass.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+# platform = multi_platform_ubuntu
+
+source ubuntu_common.sh
+
+sed -i 's/\(.*pam_faillock.so.*\)/\1 deny=1/g' /etc/pam.d/common-auth
+
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_empty_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_empty_faillock_conf.fail.sh
new file mode 100644
index 00000000000..3b73ba396a6
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_empty_faillock_conf.fail.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# platform = multi_platform_ubuntu
+
+# This test should fail because neither pam.d or faillock.conf have deny defined
+
+source ubuntu_common.sh
+
+echo > /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_missing_pamd.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_missing_pamd.fail.sh
new file mode 100644
index 00000000000..40c103dc6f9
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_missing_pamd.fail.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# platform = multi_platform_ubuntu
+
+source ubuntu_common.sh
+
+sed -i '/pam_faillock\.so/d' /etc/pam.d/common-auth
+sed -i '/pam_faillock\.so/d' /etc/pam.d/common-account
+
+echo "deny=1" > /etc/security/faillock.conf
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_multiple_pam_unix.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_multiple_pam_unix.fail.sh
new file mode 100644
index 00000000000..23be5083c6f
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_multiple_pam_unix.fail.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# platform = multi_platform_ubuntu
+# remediation = none
+
+# Multiple instances of pam_unix.so in auth section may, intentionally or not, interfere
+# in the expected behaviour of pam_faillock.so. Remediation does not solve this automatically
+# in order to preserve intentional changes.
+
+source ubuntu_common.sh
+
+echo "auth sufficient pam_unix.so" >> /etc/pam.d/common-auth
diff --git a/shared/templates/pam_account_password_faillock/tests/ubuntu_wrong_value.fail.sh b/shared/templates/pam_account_password_faillock/tests/ubuntu_wrong_value.fail.sh
new file mode 100644
index 00000000000..d236f32cb8b
--- /dev/null
+++ b/shared/templates/pam_account_password_faillock/tests/ubuntu_wrong_value.fail.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# platform = multi_platform_ubuntu
+
+source ubuntu_common.sh
+
+echo "deny=999" > /etc/security/faillock.conf