Add more SLE-15 stigs and CCE IDs to existing rules #6778

Merged
Expand Up @@ -22,6 +22,7 @@ identifiers:
cce@rhel7: CCE-27471-2
cce@rhel8: CCE-80896-4
cce@sle12: CCE-83014-1
cce@sle15: CCE-85667-4

references:
stigid@ol7: OL07-00-010300
Expand All @@ -34,12 +35,14 @@ references:
disa: CCI-000366,CCI-000766
hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
nist: AC-17(a),CM-7(a),CM-7(b),CM-6(a)
nist@sle15: CM-6 b,CM-6.1 (iv)
Member

We might have to check if spaces in the references section can be a problem. I've seen that a lot of them proposed in this PR contain spaces.

Contributor Author

@ggbecker I can update to replace with (a),(b) etc, but that would be slightly different from what is in our STIG. I did not see an issue when I built this. I know we can't have a space following the comma. I am not sure about before the comma since I have not tried that case. I am OK with removing the spaces. I do see one other nist record with spaces:
jre/guide/java/java_jre_disable_untrusted_sources_locked/rule.yml: nist: SC-18 (3)
The only other occurrences I see are in sle12 or sle15 records. Again, happy to remove them, so please advise.

Member

It seems that the build system is able to work with spaces. It splits using comma as the separator (https://github.com/ComplianceAsCode/content/blob/master/ssg/build_yaml.py#L1261).

So, I don't have any strong opinions against it. It's just for the sake of consistency, and I do understand that in the original NIST references the spaces are present. To be honest, I don't know if there was a reason to strip these whitespaces, it goes beyond my time in this project.

Contributor Author

@ggbecker The spaces should be gone now.

nist-csf: PR.AC-4,PR.AC-6,PR.DS-5,PR.IP-1,PR.PT-3
ospp: FIA_UAU.1
srg: SRG-OS-000106-GPOS-00053,SRG-OS-000480-GPOS-00229
vmmsrg: SRG-OS-000480-VMM-002000
stigid@rhel7: RHEL-07-010300
stigid@sle12: SLES-12-030150
stigid@sle15: SLES-15-040440
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 5.2,SR 7.6'
isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
cobit5: APO01.06,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06
Expand Up @@ -26,6 +26,7 @@ severity: medium
identifiers:
cce@rhel7: CCE-83359-0
cce@rhel8: CCE-83360-8
cce@sle15: CCE-85707-8

references:
cis@rhel7: 5.2.4
Expand All @@ -34,9 +35,11 @@ references:
cis@sle15: 5.2.6
stigid@rhel7: RHEL-07-040710
stigid@ol7: OL07-00-040710
stigid@sle15: SLES-15-040290
srg: SRG-OS-000480-GPOS-00227
disa: CCI-000366
nist: CM-6(b)
nist@sle15: CM-6.1 (iv)
stigid@rhel8: RHEL-08-040340

template:
Expand Up @@ -18,6 +18,7 @@ identifiers:
cce@rhel7: CCE-27363-1
cce@rhel8: CCE-80903-8
cce@sle12: CCE-83015-8
cce@sle15: CCE-85666-6

references:
stigid@ol7: OL07-00-010460
Expand All @@ -29,11 +30,13 @@ references:
disa: CCI-000366
hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
nist: AC-17(a),CM-7(a),CM-7(b),CM-6(a)
nist@sle15: CM-6 b,CM-6.1 (iv)
nist-csf: PR.IP-1
srg: SRG-OS-000480-GPOS-00229
vmmsrg: SRG-OS-000480-VMM-002000
stigid@rhel7: RHEL-07-010460
stigid@sle12: SLES-12-030151
stigid@sle15: SLES-15-040440
isa-62443-2013: 'SR 7.6'
isa-62443-2009: 4.3.4.3.2,4.3.4.3.3
cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05
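Review bot: stigid@sle15: SLES-15-040440 in the references block is the same STIG ID this change also gives to the rule identified by cce@sle15: CCE-85667-4, even though the two rules carry different sle12 IDs (SLES-12-030150 and SLES-12-030151). Please confirm against the SLE 15 STIG that both rules really map to one finding; if they do not, one of the two stigid@sle15 values needs correcting.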
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: sle12
prodtype: sle12,sle15

title: 'Display the Standard Mandatory DoD Notice and Consent Banner until Explicit Acknowledgement'

Expand Down Expand Up @@ -54,10 +54,15 @@ severity: medium

identifiers:
cce@sle12: CCE-83003-4
cce@sle15: CCE-85668-2

references:
stigid@sle12: SLES-12-010020
stigid@sle15: SLES-15-010050
disa@sle12: CCI-000048,CCI-000050
disa@sle15: CCI-000048,CCI-000050
srg@: SRG-OS-000023-GPOS-00006
nist: AC-8 a,AC-8.1 (ii),AC-8 b,AC-8.1 (iii)

ocil_clause: 'the GNOME environment does not display the standard mandatory DoD notice and consent banner'
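Review bot: The key srg@ in the references block has an empty product suffix, so it names no product; it should presumably be srg@sle15 (or plain srg) to line up with the disa@sle12 and disa@sle15 keys above it. The new nist line is also unqualified, so it applies to sle12 as well as sle15, and its entries contain spaces (AC-8 a, AC-8.1 (ii)) unlike the compact AC-17(a) form used on the generic nist lines elsewhere in this change.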

@@ -1,4 +1,4 @@
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle15

title: 'Limit Password Reuse'

Expand Down Expand Up @@ -28,6 +28,7 @@ severity: medium
identifiers:
cce@rhel7: CCE-82030-8
cce@rhel8: CCE-80666-1
cce@sle15: CCE-85678-1

references:
stigid@ol7: OL07-00-010270
Expand All @@ -38,10 +39,12 @@ references:
disa: CCI-000200
nist: IA-5(f),IA-5(1)(e)
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
nist@sle15: IA-5(1)(e),IA-5 (1).1 (v)
pcidss: Req-8.2.5
srg: SRG-OS-000077-GPOS-00045
vmmsrg: SRG-OS-000077-VMM-000440
stigid@rhel7: RHEL-07-010270
stigid@sle15: SLES-15-020250
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1'
isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.2,4.3.3.7.4
cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: sle12
prodtype: sle12,sle15

title: 'Set Password Strength Minimum Different Characters'

Expand All @@ -24,12 +24,15 @@ severity: medium

identifiers:
cce@sle12: CCE-83170-1
cce@sle15: CCE-85677-3

references:
disa@sle12: CCI-000195
nist@sle12: IA-5(b),IA-5(v)
nist@sle15: IA-5 (1).1 (v),IA-5 (1) (b)
srg@sle12: SRG-OS-000072-GPOS-00040
stigid@sle12: SLES-12-010190
stigid@sle15: SLES-15-020160

ocil_clause: 'difok is not found or not set to the required value'
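Review bot: The references block gains nist@sle15 and stigid@sle15 but no disa@sle15 or srg@sle15, while the existing disa@sle12 and srg@sle12 keys stay scoped to sle12, so sle15 would get no CCI or SRG reference from this file. The lowercase and uppercase password rules in this same change add both keys; add them here too if the SLE 15 STIG lists them for this rule.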

@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: sle12
prodtype: sle12,sle15

title: 'Set Password Strength Minimum Lowercase Characters'

Expand All @@ -21,12 +21,17 @@ severity: medium

identifiers:
cce@sle12: CCE-83167-7
cce@sle15: CCE-85676-5

references:
disa@sle12: CCI-000193
disa@sle15: CCI-000193
nist@sle12: IA-5(a),IA-5(v)
nist@sle15: IA-5 (1) (a),IA-5 (1).1 (v)
srg@sle12: SRG-OS-000070-GPOS-00038
srg@sle15: SRG-OS-000070-GPOS-00038
stigid@sle12: SLES-12-010160
stigid@sle15: SLES-15-020140

ocil_clause: 'lcredit is not found or not set to the required value'

@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: sle12
prodtype: sle12,sle15

title: 'Set Password Strength Minimum Uppercase Characters'

Expand All @@ -21,12 +21,18 @@ severity: medium

identifiers:
cce@sle12: CCE-83166-9
cce@sle15: CCE-85675-7

references:
disa@sle12: CCI-000192
disa@sle15: CCI-000192
nist@sle12: IA-5(a),IA-5(v)
nist@sle15: IA-5 (1) (a),IA-5 (1).1 (v)
stigid@sle12: SLES-12-010150
stigid@sle15: SLES-15-020130
srg@sle12: SRG-OS-000069-GPOS-00037
srg@sle15: SRG-OS-000069-GPOS-00037


ocil_clause: 'ucredit is not found or not set to the required value'
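Review bot: A second blank line is added after srg@sle15, just before ocil_clause (the hunk grows from 12 to 18 lines for five new keys). Drop it so the spacing matches the lowercase rule, and consider keeping the srg and stigid keys in the same order as that file.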

@@ -1,4 +1,4 @@
# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = disable
# complexity = low
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4
prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15

title: 'Disable Ctrl-Alt-Del Burst Action'

Expand All @@ -24,20 +24,24 @@ identifiers:
cce@rhel7: CCE-80449-2
cce@rhel8: CCE-80784-2
cce@rhcos4: CCE-82495-3
cce@sle15: CCE-85665-8

references:
cui: 3.4.5
disa: CCI-000366
hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii)
nist: CM-6(a),AC-6(1),CM-6(a)
nist@sle15: CM-6 b,CM-6.1 (iv)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000324-GPOS-00125
srg@sle15: SRG-OS-000480-GPOS-00227
isa-62443-2013: 'SR 2.1,SR 5.2'
isa-62443-2009: 4.3.3.7.3
cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
cis-csc: 12,13,14,15,16,18,3,5
stigid@rhel8: RHEL-08-040172
stigid@sle15: SLES-15-040062

ocil_clause: 'the system is configured to reboot when Ctrl-Alt-Del is pressed more than 7 times in 2 seconds.'

Expand Up @@ -27,17 +27,20 @@ identifiers:
cce@rhel7: CCE-82036-5
cce@rhel8: CCE-80648-9
cce@sle12: CCE-83049-7
cce@sle15: CCE-85678-1

references:
stigid@ol7: OL07-00-010230
cjis: 5.6.2.1.1
cui: 3.5.8
disa: CCI-000198
nist: IA-5(f),IA-5(1)(d),CM-6(a)
nist@sle15: IA-5 (1) (d),IA-5 (1).1 (v)
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
srg: SRG-OS-000075-GPOS-00043
stigid@rhel7: RHEL-07-010230
stigid@sle12: SLES-12-010270
stigid@sle15: SLES-15-020200
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1'
isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.2,4.3.3.7.4
cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
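Review bot: cce@sle15: CCE-85678-1 in the identifiers block is the same CCE this change assigns to the 'Limit Password Reuse' rule. A CCE identifies a single configuration item, so one of the two rules has the wrong value; please check the SLE 15 CCE allocation and correct whichever entry is mistaken.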
Expand Up @@ -26,6 +26,7 @@ identifiers:
cce@rhel8: CCE-80649-7
cce@rhcos4: CCE-82699-0
cce@sle12: CCE-83020-8
cce@sle15: CCE-85664-1

references:
stigid@ol7: OL07-00-020310
Expand All @@ -35,9 +36,12 @@ references:
disa: CCI-000366
nist: IA-2,AC-6(5),IA-4(b)
nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5
nist@sle12: CM-6 b,CM-6.1 (iv)
nist@sle15: CM-6 b,CM-6.1 (iv)
srg: SRG-OS-000480-GPOS-00227
stigid@rhel7: RHEL-07-020310
stigid@sle12: SLES-12-010650
stigid@sle15: SLES-15-020100
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 5.2'
isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4
cobit5: APO01.06,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.02,DSS06.03,DSS06.10
Expand Up @@ -71,7 +71,7 @@
<!-- Get all /etc/passwd entries having shell defined as OVAL object -->
<ind:textfilecontent54_object id="object_etc_passwd_entries" version="1">
<ind:filepath>/etc/passwd</ind:filepath>
<ind:pattern operation="pattern match">^(?!root).*:x:([\d]+):[\d]+:[^:]*:[^:]*:(?!\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$</ind:pattern>
<ind:pattern operation="pattern match">^(?!root).*:x:([\d]+):[\d]+:[^:]*:[^:]*:(?!\/usr\/sbin\/nologin|\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$</ind:pattern>
<ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
</ind:textfilecontent54_object>
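Review bot: The shell alternatives in the second negative lookahead, including the new \/usr\/sbin\/nologin, are matched as prefixes because nothing ties them to the end of the line, so any shell path that merely begins with one of them is left out of the check. Since the pattern is being touched anyway, consider closing the lookahead group with $ and folding the two nologin paths into (?:\/usr)?\/sbin\/nologin, and extend the XML comment above the object to say which shells are treated as non-login.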

@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle15

title: 'Ensure that System Accounts Do Not Run a Shell Upon Login'

Expand Down Expand Up @@ -28,12 +28,17 @@ identifiers:
cce@rhel7: CCE-82015-9
cce@rhel8: CCE-80843-6
cce@rhcos4: CCE-82697-4
cce@sle15: CCE-85672-4

references:
cis@rhel7: 5.4.2
cis@rhel8: 5.5.2
nist: AC-6,CM-6(a)
disa@sle15: CCI-000366
srg: SRG-OS-000480-GPOS-00227
nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6
nist@sle15: CM-6 b,CM-6.1 (iv)
stigid@sle15: SLES-15-020091
isa-62443-2013: 'SR 1.1,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 6.2'
isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4
cobit5: DSS01.03,DSS03.05,DSS05.04,DSS05.05,DSS05.07,DSS06.03
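Review bot: srg: SRG-OS-000480-GPOS-00227 is added without a product suffix, so it applies to every product in prodtype, whereas the other new references in this hunk (disa@sle15, nist@sle15, stigid@sle15) are scoped to sle15. If the SRG mapping was taken only from the SLE 15 STIG, use srg@sle15; otherwise state in the commit message that the generic mapping is intended.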
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15

title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User'

Expand All @@ -22,14 +22,17 @@ identifiers:
cce@rhel7: CCE-80532-5
cce@rhel8: CCE-83434-1
cce@sle12: CCE-83096-8
cce@sle15: CCE-85711-0

references:
stigid@ol7: OL07-00-020650
disa: CCI-000366
srg: SRG-OS-000480-GPOS-00227
nist@sle15: CM-6 b,CM-6.1 (iv)
stigid@rhel7: RHEL-07-020650
cis@rhel8: 6.2.8
stigid@sle12: SLES-12-010750
stigid@sle15: SLES-15-040100
stigid@rhel8: RHEL-08-010740

ocil_clause: 'the group ownership is incorrect'
Expand Up @@ -31,6 +31,7 @@ identifiers:
cce@rhel8: CCE-80686-9
cce@rhcos4: CCE-82557-0
cce@sle12: CCE-83137-0
cce@sle15: CCE-85690-6

references:
stigid@ol7: OL07-00-030370
Expand All @@ -39,16 +40,20 @@ references:
cjis: 5.4.1.1
cui: 3.1.7
disa: CCI-000126,CCI-000172
disa@sle15: CCI-000130,CCI-002884,CCI-000169
hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e)
nist: AU-2(d),AU-12(c),CM-6(a)
nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
nist@sle15: AU-3,AU-3.1,AU-12 c,AU-12.1 (iv),AU-12 a,AU-12.1 (ii),MA-4 (1) (a)
ospp: FAU_GEN.1.1.c
pcidss: Req-10.5.5
srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219
srg@sle12: SRG-OS-000037-GPOS-00015
srg@sle15: SRG-OS-000062-GPOS-00031,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
stigid@rhel7: RHEL-07-030370
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
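Review bot: nist@sle15 in the references block has spaces inside its entries (AU-12 c, AU-12.1 (iv), MA-4 (1) (a)), while the generic nist line two lines above it uses the compact AU-12(c) form. Normalise these to the compact form for consistency, as discussed in the review thread on the first file, and apply the same to the other nist@sle15 lines in this change.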