Merge pull request #6778 from brett060102/SUSE_stigs_d584bee248b212

Add more SLE-15 stigs and CCE IDs to existing rules
ComplianceAsCode · Apr 6, 2021 · 61ec9ac · 61ec9ac
2 parents 6c26666 + 62b4c99
commit 61ec9ac
Show file tree

Hide file tree

Showing 52 changed files with 274 additions and 27 deletions.
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
@@ -22,6 +22,7 @@ identifiers:
     cce@rhel7: CCE-27471-2
     cce@rhel8: CCE-80896-4
     cce@sle12: CCE-83014-1
+    cce@sle15: CCE-85667-4
 
 references:
     stigid@ol7: OL07-00-010300
@@ -34,12 +35,14 @@ references:
     disa: CCI-000366,CCI-000766
     hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
     nist: AC-17(a),CM-7(a),CM-7(b),CM-6(a)
+    nist@sle15: CM-6(b),CM-6.1(iv)
     nist-csf: PR.AC-4,PR.AC-6,PR.DS-5,PR.IP-1,PR.PT-3
     ospp: FIA_UAU.1
     srg: SRG-OS-000106-GPOS-00053,SRG-OS-000480-GPOS-00229
     vmmsrg: SRG-OS-000480-VMM-002000
     stigid@rhel7: RHEL-07-010300
     stigid@sle12: SLES-12-030150
+    stigid@sle15: SLES-15-040440
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 5.2,SR 7.6'
     isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
     cobit5: APO01.06,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
@@ -26,6 +26,7 @@ severity: medium
 identifiers:
     cce@rhel7: CCE-83359-0
     cce@rhel8: CCE-83360-8
+    cce@sle15: CCE-85707-8
 
 references:
     cis@rhel7: 5.2.4
@@ -34,9 +35,11 @@ references:
     cis@sle15: 5.2.6
     stigid@rhel7: RHEL-07-040710
     stigid@ol7: OL07-00-040710
+    stigid@sle15: SLES-15-040290
     srg: SRG-OS-000480-GPOS-00227
     disa: CCI-000366
     nist: CM-6(b)
+    nist@sle15: CM-6.1(iv)
     stigid@rhel8: RHEL-08-040340
 
 template:

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
@@ -18,6 +18,7 @@ identifiers:
     cce@rhel7: CCE-27363-1
     cce@rhel8: CCE-80903-8
     cce@sle12: CCE-83015-8
+    cce@sle15: CCE-85666-6
 
 references:
     stigid@ol7: OL07-00-010460
@@ -29,11 +30,13 @@ references:
     disa: CCI-000366
     hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
     nist: AC-17(a),CM-7(a),CM-7(b),CM-6(a)
+    nist@sle15: CM-6(b),CM-6.1(iv)
     nist-csf: PR.IP-1
     srg: SRG-OS-000480-GPOS-00229
     vmmsrg: SRG-OS-000480-VMM-002000
     stigid@rhel7: RHEL-07-010460
     stigid@sle12: SLES-12-030151
+    stigid@sle15: SLES-15-040440
     isa-62443-2013: 'SR 7.6'
     isa-62443-2009: 4.3.4.3.2,4.3.4.3.3
     cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05

diff --git a/.../system/accounts/accounts-banners/gui_login_banner/gui_login_dod_acknowledgement/rule.yml b/.../system/accounts/accounts-banners/gui_login_banner/gui_login_dod_acknowledgement/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle12
+prodtype: sle12,sle15
 
 title: 'Display the Standard Mandatory DoD Notice and Consent Banner until Explicit Acknowledgement'
 
@@ -54,10 +54,15 @@ severity: medium
 
 identifiers:
     cce@sle12: CCE-83003-4
+    cce@sle15: CCE-85668-2
 
 references:
     stigid@sle12: SLES-12-010020
+    stigid@sle15: SLES-15-010050
     disa@sle12: CCI-000048,CCI-000050
+    disa@sle15: CCI-000048,CCI-000050
+    srg@: SRG-OS-000023-GPOS-00006
+    nist: AC-8 a,AC-8.1 (ii),AC-8 b,AC-8.1 (iii)
 
 ocil_clause: 'the GNOME environment does not display the standard mandatory DoD notice and consent banner'
 

diff --git a/...-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/...-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 # reboot = false
 # strategy = configure
 # complexity = low

diff --git a/...s/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/...s/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle15
 
 title: 'Limit Password Reuse'
 
@@ -28,6 +28,7 @@ severity: medium
 identifiers:
     cce@rhel7: CCE-82030-8
     cce@rhel8: CCE-80666-1
+    cce@sle15: CCE-85678-1
 
 references:
     stigid@ol7: OL07-00-010270
@@ -38,10 +39,12 @@ references:
     disa: CCI-000200
     nist: IA-5(f),IA-5(1)(e)
     nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
+    nist@sle15: IA-5(1)(e),IA-5(1).1(v)
     pcidss: Req-8.2.5
     srg: SRG-OS-000077-GPOS-00045
     vmmsrg: SRG-OS-000077-VMM-000440
     stigid@rhel7: RHEL-07-010270
+    stigid@sle15: SLES-15-020250
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1'
     isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.2,4.3.3.7.4
     cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10

diff --git a/...ssword_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml b/...ssword_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle12
+prodtype: sle12,sle15
 
 title: 'Set Password Strength Minimum Different Characters'
 
@@ -24,12 +24,15 @@ severity: medium
 
 identifiers:
     cce@sle12: CCE-83170-1
+    cce@sle15: CCE-85677-3
 
 references:
     disa@sle12: CCI-000195
     nist@sle12: IA-5(b),IA-5(v)
+    nist@sle15: IA-5(1).1(v),IA-5(1)(b)
     srg@sle12: SRG-OS-000072-GPOS-00040
     stigid@sle12: SLES-12-010190
+    stigid@sle15: SLES-15-020160
 
 ocil_clause: 'difok is not found or not set to the required value'
 

diff --git a/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml b/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle12
+prodtype: sle12,sle15
 
 title: 'Set Password Strength Minimum Lowercase Characters'
 
@@ -21,12 +21,17 @@ severity: medium
 
 identifiers:
    cce@sle12: CCE-83167-7
+   cce@sle15: CCE-85676-5
 
 references:
     disa@sle12: CCI-000193
+    disa@sle15: CCI-000193
     nist@sle12: IA-5(a),IA-5(v)
+    nist@sle15: IA-5(1)(a),IA-5(1).1(v)
     srg@sle12: SRG-OS-000070-GPOS-00038
+    srg@sle15: SRG-OS-000070-GPOS-00038
     stigid@sle12: SLES-12-010160
+    stigid@sle15: SLES-15-020140
 
 ocil_clause: 'lcredit is not found or not set to the required value'
 

diff --git a/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml b/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle12
+prodtype: sle12,sle15
 
 title: 'Set Password Strength Minimum Uppercase Characters'
 
@@ -21,12 +21,18 @@ severity: medium
 
 identifiers:
     cce@sle12: CCE-83166-9
+    cce@sle15: CCE-85675-7
 
 references:
     disa@sle12: CCI-000192
+    disa@sle15: CCI-000192
     nist@sle12: IA-5(a),IA-5(v)
+    nist@sle15: IA-5(1)(a),IA-5(1).1(v)
     stigid@sle12: SLES-12-010150
+    stigid@sle15: SLES-15-020130
     srg@sle12: SRG-OS-000069-GPOS-00037
+    srg@sle15: SRG-OS-000069-GPOS-00037
+
 
 ocil_clause: 'ucredit is not found or not set to the required value'
 

diff --git a/...guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml b/...guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = disable
 # complexity = low

diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
 
 title: 'Disable Ctrl-Alt-Del Burst Action'
 
@@ -24,20 +24,24 @@ identifiers:
     cce@rhel7: CCE-80449-2
     cce@rhel8: CCE-80784-2
     cce@rhcos4: CCE-82495-3
+    cce@sle15: CCE-85665-8
 
 references:
     cui: 3.4.5
     disa: CCI-000366
     hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii)
     nist: CM-6(a),AC-6(1),CM-6(a)
+    nist@sle15: CM-6(b),CM-6.1(iv)
     nist-csf: PR.AC-4,PR.DS-5
     srg: SRG-OS-000324-GPOS-00125
+    srg@sle15: SRG-OS-000480-GPOS-00227
     isa-62443-2013: 'SR 2.1,SR 5.2'
     isa-62443-2009: 4.3.3.7.3
     cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
     iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
     cis-csc: 12,13,14,15,16,18,3,5
     stigid@rhel8: RHEL-08-040172
+    stigid@sle15: SLES-15-040062
 
 ocil_clause: 'the system is configured to reboot when Ctrl-Alt-Del is pressed more than 7 times in 2 seconds.'
 

diff --git a/...counts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/...counts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
@@ -27,17 +27,20 @@ identifiers:
     cce@rhel7: CCE-82036-5
     cce@rhel8: CCE-80648-9
     cce@sle12: CCE-83049-7
+    cce@sle15: CCE-85720-1
 
 references:
     stigid@ol7: OL07-00-010230
     cjis: 5.6.2.1.1
     cui: 3.5.8
     disa: CCI-000198
     nist: IA-5(f),IA-5(1)(d),CM-6(a)
+    nist@sle15: IA-5(1)(d),IA-5(1).1(v)
     nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
     srg: SRG-OS-000075-GPOS-00043
     stigid@rhel7: RHEL-07-010230
     stigid@sle12: SLES-12-010270
+    stigid@sle15: SLES-15-020200
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1'
     isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.2,4.3.3.7.4
     cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10

diff --git a/...de/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/...de/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
@@ -26,6 +26,7 @@ identifiers:
     cce@rhel8: CCE-80649-7
     cce@rhcos4: CCE-82699-0
     cce@sle12: CCE-83020-8
+    cce@sle15: CCE-85664-1
 
 references:
     stigid@ol7: OL07-00-020310
@@ -35,9 +36,12 @@ references:
     disa: CCI-000366
     nist: IA-2,AC-6(5),IA-4(b)
     nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5
+    nist@sle12: CM-6(b),CM-6.1(iv)
+    nist@sle15: CM-6(b),CM-6.1(iv)
     srg: SRG-OS-000480-GPOS-00227
     stigid@rhel7: RHEL-07-020310
     stigid@sle12: SLES-12-010650
+    stigid@sle15: SLES-15-020100
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 5.2'
     isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4
     cobit5: APO01.06,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.02,DSS06.03,DSS06.10

diff --git a/...counts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/oval/shared.xml b/...counts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/oval/shared.xml
@@ -71,7 +71,7 @@
   <!-- Get all /etc/passwd entries having shell defined as OVAL object -->
   <ind:textfilecontent54_object id="object_etc_passwd_entries" version="1">
     <ind:filepath>/etc/passwd</ind:filepath>
-    <ind:pattern operation="pattern match">^(?!root).*:x:([\d]+):[\d]+:[^:]*:[^:]*:(?!\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$</ind:pattern>
+    <ind:pattern operation="pattern match">^(?!root).*:x:([\d]+):[\d]+:[^:]*:[^:]*:(?!\/usr\/sbin\/nologin|\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
 

diff --git a/...stem/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/...stem/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle15
 
 title: 'Ensure that System Accounts Do Not Run a Shell Upon Login'
 
@@ -28,12 +28,17 @@ identifiers:
     cce@rhel7: CCE-82015-9
     cce@rhel8: CCE-80843-6
     cce@rhcos4: CCE-82697-4
+    cce@sle15: CCE-85672-4
 
 references:
     cis@rhel7: 5.4.2
     cis@rhel8: 5.5.2
     nist: AC-6,CM-6(a)
+    disa@sle15: CCI-000366
+    srg: SRG-OS-000480-GPOS-00227
     nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6
+    nist@sle15: CM-6(b),CM-6.1(iv)
+    stigid@sle15: SLES-15-020091
     isa-62443-2013: 'SR 1.1,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 6.2'
     isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4
     cobit5: DSS01.03,DSS03.05,DSS05.04,DSS05.05,DSS05.07,DSS06.03

diff --git a/...x_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/...x_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
 
 title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User'
 
@@ -22,14 +22,17 @@ identifiers:
     cce@rhel7: CCE-80532-5
     cce@rhel8: CCE-83434-1
     cce@sle12: CCE-83096-8
+    cce@sle15: CCE-85711-0
 
 references:
     stigid@ol7: OL07-00-020650
     disa: CCI-000366
     srg: SRG-OS-000480-GPOS-00227
+    nist@sle15: CM-6(b),CM-6.1(iv)
     stigid@rhel7: RHEL-07-020650
     cis@rhel8: 6.2.8
     stigid@sle12: SLES-12-010750
+    stigid@sle15: SLES-15-040100
     stigid@rhel8: RHEL-08-010740
 
 ocil_clause: 'the group ownership is incorrect'

diff --git a/...ting/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/...ting/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
@@ -31,6 +31,7 @@ identifiers:
     cce@rhel8: CCE-80686-9
     cce@rhcos4: CCE-82557-0
     cce@sle12: CCE-83137-0
+    cce@sle15: CCE-85690-6
 
 references:
     stigid@ol7: OL07-00-030370
@@ -39,16 +40,20 @@ references:
     cjis: 5.4.1.1
     cui: 3.1.7
     disa: CCI-000126,CCI-000172
+    disa@sle15: CCI-000130,CCI-002884,CCI-000169
     hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e)
     nist: AU-2(d),AU-12(c),CM-6(a)
     nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
+    nist@sle15: AU-3,AU-3.1,AU-12(c),AU-12.1(iv),AU-12(a),AU-12.1(ii),MA-4(1)(a)
     ospp: FAU_GEN.1.1.c
     pcidss: Req-10.5.5
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219
     srg@sle12: SRG-OS-000037-GPOS-00015
+    srg@sle15: SRG-OS-000062-GPOS-00031,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030370
     stigid@sle12: SLES-12-020420
+    stigid@sle15: SLES-15-030250
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01