From b803d187bf428f928115d3503c5bb4f8b092d119 Mon Sep 17 00:00:00 2001
From: Harold Dean
Date: Fri, 27 Feb 2026 15:15:35 -0500
Subject: [PATCH] =?UTF-8?q?[OL9=20STIG=20V2R3]=20Add=20stigid@ol9=20?= =?UTF-8?q?=E2=80=94=20Networking=20&=20Firewall=20(6=20rules)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../firewalld_activation/package_firewalld_installed/rule.yml | 1 +
 .../firewalld_activation/service_firewalld_enabled/rule.yml | 1 +
 .../ruleset_modifications/configure_firewalld_ports/rule.yml | 1 +
 .../configured_firewalld_default_deny/rule.yml | 1 +
 .../package_policycoreutils-python-utils_installed/rule.yml | 1 +
 .../system/selinux/package_policycoreutils_installed/rule.yml | 1 +
 6 files changed, 6 insertions(+)
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
index 0b974a275b36..dba1146a14d3 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
@@ -36,6 +36,7 @@ references:
 srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000298-GPOS-00116,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00232
 stigid@ol7: OL07-00-040520
 stigid@ol8: OL08-00-040100
+ stigid@ol9: OL09-00-000220
 stigid@sle15: SLES-15-010220
 ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
index 2ae1eb0991d0..aa6dae93720a 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
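Review bot: The added `stigid@ol9: OL09-00-000220` line records a mapping only, and nothing visible in this patch shows that the rule is selected by the OL9 STIG profile or that its check matches the STIG item's check text. A wrong or unselected mapping could therefore surface as a misleading compliance result rather than as a build failure. It would help to name in the commit description the benchmark file the six IDs were taken from, for example `IDs taken from the OL9 STIG V2R3 XCCDF`, so each value can be checked against it. The same applies to the `stigid@ol9` lines in the other five hunks.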
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
@@ -42,6 +42,7 @@ references:
 srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
 stigid@ol7: OL07-00-040520
 stigid@ol8: OL08-00-040101
+ stigid@ol9: OL09-00-000221
 stigid@sle15: SLES-15-010220
 ocil_clause: '{{{ ocil_clause_service_enabled("firewalld") }}}'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
index 4b1bf01344a0..dfdb77cd86ec 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
@@ -47,6 +47,7 @@ references:
 srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115
 stigid@ol7: OL07-00-040100
 stigid@ol8: OL08-00-040030
+ stigid@ol9: OL09-00-000222
 ocil_clause: 'there are additional ports, protocols, or services that are not in the PPSM CLSA, or there are ports, protocols, or services that are prohibited by the PPSM Category Assurance List (CAL), or there are no firewall rules configured'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
index aa4e9d75a3a4..584021f03c09 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
@@ -23,6 +23,7 @@ references:
 nist: AC-17 (1)
 srg: SRG-OS-000297-GPOS-00115
 stigid@ol8: OL08-00-040090
+ stigid@ol9: OL09-00-000224
 ocil_clause: 'no zones are active on the interfaces or if the target is set to a different option other than "DROP"'
diff --git a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
index e345282b5e21..1ecb60f8d515 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
@@ -21,6 +21,7 @@ identifiers:
 references:
 srg: SRG-OS-000480-GPOS-00227
+ stigid@ol9: OL09-00-000210
 ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
index b489a0fd0fab..e04c14bcaf2e 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
@@ -32,6 +32,7 @@ identifiers:
 references:
 srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
 stigid@ol8: OL08-00-010171
+ stigid@ol9: OL09-00-000200
 ocil_clause: 'the policycoreutils package is not installed'
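Review bot: The last two hunks, adding `stigid@ol9: OL09-00-000210` and `stigid@ol9: OL09-00-000200`, touch rules under `linux_os/guide/system/selinux/`, which the subject "Networking & Firewall (6 rules)" does not cover. Someone tracing the policycoreutils mappings by commit subject would not find this change. Either move these two files into their own commit or widen the subject, e.g. `Networking, Firewall & SELinux tooling (6 rules)`.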