Blame SOURCES/scap-security-guide-0.1.60-rhel8_stig_v1r4-PR_7930.patch

commit a9b9db2a5e9ad655258a0f8823f57519b6bb37f8
Author: Gabriel Becker <ggasparb@redhat.com>
Date:   Thu Feb 24 17:40:22 2022 +0100
    Manually edited patch scap-security-guide-0.1.60-rhel8_stig_v1r4-PR_7930.patch.
ff1465
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
ff1465
index 1b71c7d..bccc7eb 100644
ff1465
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
ff1465
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
ff1465
@@ -14,7 +14,7 @@ rationale: |-
ff1465
     A misconfigured umask value could result in files with excessive permissions that can be read or
ff1465
     written to by unauthorized users.
ff1465
 
ff1465
-severity: unknown
ff1465
+severity: medium
ff1465
 
ff1465
 identifiers:
ff1465
     cce@rhcos4: CCE-84261-7
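Review bot: `severity: medium` here, and in the matching hunk of accounts_umask_etc_profile/rule.yml, should agree with the sibling rule accounts_umask_etc_bashrc, which the profile hunks list under the same `# RHEL-08-020353` comment and which this patch does not touch. If that rule carries a different severity, one STIG item would be reported at two levels in scan results. Its rule.yml is not part of this patch, so the value has to be checked there.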
ff1465
@@ -31,7 +31,8 @@ references:
ff1465
     nerc-cip: CIP-003-3 R5.1.1,CIP-003-3 R5.3,CIP-004-3 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
ff1465
     nist: AC-6(1),CM-6(a)
ff1465
     nist-csf: PR.IP-2
ff1465
-    srg: SRG-OS-000480-GPOS-00228
ff1465
+    srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
ff1465
+    stigid@rhel8: RHEL-08-020353
ff1465
 
ff1465
 ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly'
ff1465
 
ff1465
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
ff1465
index 85e98cf..822463e 100644
ff1465
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
ff1465
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
ff1465
@@ -12,7 +12,7 @@ rationale: |-
ff1465
     A misconfigured umask value could result in files with excessive permissions that can be read or
ff1465
     written to by unauthorized users.
ff1465
 
ff1465
-severity: unknown
ff1465
+severity: medium
ff1465
 
ff1465
 identifiers:
ff1465
     cce@rhcos4: CCE-84262-5
ff1465
@@ -33,7 +33,8 @@ references:
ff1465
     nerc-cip: CIP-003-3 R5.1.1,CIP-003-3 R5.3,CIP-004-3 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
ff1465
     nist: AC-6(1),CM-6(a)
ff1465
     nist-csf: PR.IP-2
ff1465
-    srg: SRG-OS-000480-GPOS-00228
ff1465
+    srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
ff1465
+    stigid@rhel8: RHEL-08-020353
ff1465
 
ff1465
 ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly'
ff1465
 
ff1465
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
ff1465
index 5e9a221..3582e44 100644
ff1465
--- a/products/rhel8/profiles/stig.profile
ff1465
+++ b/products/rhel8/profiles/stig.profile
ff1465
@@ -1,7 +1,7 @@
ff1465
 documentation_complete: true
ff1465
 
ff1465
 metadata:
ff1465
-    version: V1R3
ff1465
+    version: V1R4
ff1465
     SMEs:
ff1465
         - ggbecker
ff1465
 
ff1465
@@ -11,7 +11,7 @@ title: 'DISA STIG for Red Hat Enterprise Linux 8'
ff1465
 
ff1465
 description: |-
ff1465
     This profile contains configuration checks that align to the
ff1465
-    DISA STIG for Red Hat Enterprise Linux 8 V1R3.
ff1465
+    DISA STIG for Red Hat Enterprise Linux 8 V1R4.
ff1465
 
ff1465
     In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
ff1465
     configuration baseline as applicable to the operating system tier of
ff1465
@@ -162,8 +162,6 @@ selections:
ff1465
     # RHEL-08-010171
ff1465
     - package_policycoreutils_installed
ff1465
 
ff1465
-    # RHEL-08-010180
ff1465
-
ff1465
     # RHEL-08-010190
ff1465
     - dir_perms_world_writable_sticky_bits
ff1465
 
ff1465
@@ -352,7 +350,6 @@ selections:
ff1465
     - partition_for_tmp
ff1465
 
ff1465
     # RHEL-08-010544
ff1465
-    ### NOTE: Will probably show up in V1R3 - Q3 of 21'
ff1465
     - partition_for_var_tmp
ff1465
 
ff1465
     # RHEL-08-010550
ff1465
@@ -621,6 +618,8 @@ selections:
ff1465
 
ff1465
     # RHEL-08-020353
ff1465
     - accounts_umask_etc_bashrc
ff1465
+    - accounts_umask_etc_csh_cshrc
ff1465
+    - accounts_umask_etc_profile
ff1465
 
ff1465
     # RHEL-08-030000
ff1465
     - audit_rules_suid_privilege_function
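Review bot: The two added selections enforce the STIG value only if the profile also pins the umask variable they are evaluated against; in this project that is normally a `var_accounts_user_umask=<value>` entry under `selections:`, and no such line is visible in this hunk. Without it the checks and remediations would presumably use the variable's default rather than the value RHEL-08-020353 asks for, so a more permissive umask in /etc/csh.cshrc or /etc/profile could still pass. The selections list continues outside the hunk, so the variable may already be set there. stig_gui.profile receives only the version bump in this patch; whether it inherits these selections is not visible here.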
ff1465
diff --git a/products/rhel8/profiles/stig_gui.profile b/products/rhel8/profiles/stig_gui.profile
ff1465
index 0fdd755..e1f0f71 100644
ff1465
--- a/products/rhel8/profiles/stig_gui.profile
ff1465
+++ b/products/rhel8/profiles/stig_gui.profile
ff1465
@@ -1,7 +1,7 @@
ff1465
 documentation_complete: true
ff1465
 
ff1465
 metadata:
ff1465
-    version: V1R3
ff1465
+    version: V1R4
ff1465
     SMEs:
ff1465
         - ggbecker
ff1465
 
ff1465
@@ -11,7 +11,7 @@ title: 'DISA STIG with GUI for Red Hat Enterprise Linux 8'
ff1465
 
ff1465
 description: |-
ff1465
     This profile contains configuration checks that align to the
ff1465
-    DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R3.
ff1465
+    DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R4.
ff1465
 
ff1465
     In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
ff1465
     configuration baseline as applicable to the operating system tier of
ff1465
diff --git a/products/rhel9/profiles/stig.profile b/products/rhel9/profiles/stig.profile
ff1465
index 8d60468..9acb63a 100644
ff1465
--- a/products/rhel9/profiles/stig.profile
ff1465
+++ b/products/rhel9/profiles/stig.profile
ff1465
@@ -143,8 +143,6 @@ selections:
ff1465
     # RHEL-08-010171
ff1465
     - package_policycoreutils_installed
ff1465
 
ff1465
-    # RHEL-08-010180
ff1465
-
ff1465
     # RHEL-08-010190
ff1465
     - dir_perms_world_writable_sticky_bits
ff1465
 
ff1465
@@ -309,7 +307,6 @@ selections:
ff1465
     - partition_for_tmp
ff1465
 
ff1465
     # RHEL-08-010544
ff1465
-    ### NOTE: Will probably show up in V1R3 - Q3 of 21'
ff1465
     - partition_for_var_tmp
ff1465
 
ff1465
     # RHEL-08-010550
ff1465
@@ -566,6 +563,8 @@ selections:
ff1465
 
ff1465
     # RHEL-08-020353
ff1465
     - accounts_umask_etc_bashrc
ff1465
+    - accounts_umask_etc_csh_cshrc
ff1465
+    - accounts_umask_etc_profile
ff1465
 
ff1465
     # RHEL-08-030000
ff1465
 #    - audit_rules_suid_privilege_function  # not supported in RHEL9 ATM
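Review bot: The two rules added under `# RHEL-08-020353` are selected for RHEL 9, while the rule.yml hunks in this patch add only `stigid@rhel8` and show only `cce@rhcos4` among the identifiers. Whether both rules are applicable to rhel9 is decided outside the visible hunks and should be confirmed before they are selected here. If either is not, the selection should follow the convention of the line below it, e.g. `#    - accounts_umask_etc_csh_cshrc  # not supported in RHEL9 ATM`, so the gap in coverage stays visible in the profile.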
ff1465
diff --git a/shared/references/disa-stig-rhel8-v1r3-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r4-xccdf-manual.xml
ff1465
similarity index 80%
ff1465
rename from shared/references/disa-stig-rhel8-v1r3-xccdf-manual.xml
ff1465
rename to shared/references/disa-stig-rhel8-v1r4-xccdf-manual.xml
ff1465
index abff501..46c5fa1 100644
ff1465
--- a/shared/references/disa-stig-rhel8-v1r3-xccdf-manual.xml
ff1465
+++ b/shared/references/disa-stig-rhel8-v1r4-xccdf-manual.xml
ff1465
@@ -1,4 +1,4 @@
ff1465
-<Benchmark xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd" id="RHEL_8_STIG" xml:lang="en" xmlns="http://checklists.nist.gov/xccdf/1.1"><status date="2021-06-14">accepted</status><title>Red Hat Enterprise Linux 8 Security Technical Implementation Guide</title><description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</description><notice id="terms-of-use" xml:lang="en"></notice><front-matter xml:lang="en"></front-matter><rear-matter xml:lang="en"></rear-matter><reference href="https://cyber.mil"><dc:publisher>DISA</dc:publisher><dc:source>STIG.DOD.MIL</dc:source></reference><plain-text id="release-info">Release: 3 Benchmark Date: 23 Jul 2021</plain-text><plain-text id="generator">3.2.2.36079</plain-text><plain-text id="conventionsVersion">1.10.0</plain-text><version>1</version><Profile id="MAC-1_Classified"><title>I - Mission Critical Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" 
/><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select 
idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" 
selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" 
/><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select 
idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" 
selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" 
/><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select 
idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" 
selected="true" /></Profile><Profile id="MAC-1_Public"><title>I - Mission Critical Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" 
selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" 
/><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select 
idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" 
selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" 
/><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select 
idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" 
selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" 
/><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-1_Sensitive"><title>I - Mission Critical Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" 
selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" 
/><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select 
idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" 
selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" 
/><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select 
idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" 
selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" 
/><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-2_Classified"><title>II - Mission Support Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" 
selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" 
/><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select 
idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" 
selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" 
/><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select 
idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" 
selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" 
/><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-2_Public"><title>II - Mission Support Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" 
/><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select 
idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" 
selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" 
/><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select 
idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" 
selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" 
/><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select 
idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" 
selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-2_Sensitive"><title>II - Mission Support Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select 
idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" 
selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" 
/><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select 
idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" 
selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" 
/><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select 
idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" 
selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-3_Classified"><title>III - Administrative Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select 
idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" 
selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" 
/><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select 
idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" 
selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" 
/><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select 
idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" 
selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-3_Public"><title>III - Administrative Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" 
selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" 
/><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select 
idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" 
selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" 
/><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select 
idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" 
selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" 
/><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-3_Sensitive"><title>III - Administrative Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" 
selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" 
/><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select 
idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" 
selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" 
/><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select 
idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" 
selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" 
/><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select 
idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Group id="V-230221"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230221r743913_rule" weight="10.0" severity="high"><version>RHEL-08-010000</version><title>RHEL 8 must be a vendor-supported release.</title><description><VulnDiscussion>An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
ff1465
+<Benchmark xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd" id="RHEL_8_STIG" xml:lang="en" xmlns="http://checklists.nist.gov/xccdf/1.1"><status date="2021-08-18">accepted</status><title>Red Hat Enterprise Linux 8 Security Technical Implementation Guide</title><description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</description><notice id="terms-of-use" xml:lang="en"></notice><front-matter xml:lang="en"></front-matter><rear-matter xml:lang="en"></rear-matter><reference href="https://cyber.mil"><dc:publisher>DISA</dc:publisher><dc:source>STIG.DOD.MIL</dc:source></reference><plain-text id="release-info">Release: 4 Benchmark Date: 27 Oct 2021</plain-text><plain-text id="generator">3.2.2.36079</plain-text><plain-text id="conventionsVersion">1.10.0</plain-text><version>1</version><Profile id="MAC-1_Classified"><title>I - Mission Critical Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" 
/><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select 
idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" 
selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" 
/><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select 
idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" 
selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" 
/><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select 
idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" 
selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-1_Public"><title>I - Mission Critical Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" 
selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" 
/><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select 
idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" 
selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" 
/><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select 
idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" 
selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" 
/><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-1_Sensitive"><title>I - Mission Critical Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" 
selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" 
/><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select 
idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" 
selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" 
/><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select 
idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" 
selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" 
/><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-2_Classified"><title>II - Mission Support Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" 
selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" 
/><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select 
idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" 
selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" 
/><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select 
idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" 
selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" 
/><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-2_Public"><title>II - Mission Support 
Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" 
selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" 
/><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select 
idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" 
selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" 
/><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select 
idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" 
selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" 
/><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-2_Sensitive"><title>II - Mission Support Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" 
selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" 
/><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select 
idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" 
selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" 
/><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select 
idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" 
selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" 
/><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-3_Classified"><title>III - Administrative Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" 
selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" 
/><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select 
idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" 
selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" 
/><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select 
idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" 
selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" 
/><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-3_Public"><title>III - Administrative Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" 
/><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select 
idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" 
selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" 
/><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select 
idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" 
selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" 
/><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select 
idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" 
selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-3_Sensitive"><title>III - Administrative Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select 
idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" 
selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" 
/><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select 
idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" 
selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" 
/><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select 
idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" 
selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Group id="V-230221"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230221r743913_rule" weight="10.0" severity="high"><version>RHEL-08-010000</version><title>RHEL 8 must be a vendor-supported release.</title><description><VulnDiscussion>An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
ff1465
 
ff1465
 Red Hat offers the Extended Update Support (EUS) ad-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period. The RHEL 8 minor releases eligible for EUS are 8.1, 8.2, 8.4, 8.6, and 8.8. Each RHEL 8 EUS stream is available for 24 months from the availability of the minor release. RHEL 8.10 will be the final minor release overall. For more details on the Red Hat Enterprise Linux Life Cycle  visit https://access.redhat.com/support/policy/updates/errata.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-32865r567410_fix">Upgrade to a supported version of RHEL 8.</fixtext><fix id="F-32865r567410_fix" /><check system="C-32890r743912_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the version of the operating system is vendor supported.
ff1465
 
ff1465
@@ -46,7 +46,7 @@ If package updates have not been performed on the system within the timeframe th
ff1465
 
ff1465
 Typical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.
ff1465
 
ff1465
-If the operating system is in non-compliance with the Information Assurance Vulnerability Management (IAVM) process, this is a finding.</check-content></check></Rule></Group><Group id="V-230223"><title>SRG-OS-000033-GPOS-00014</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230223r627750_rule" weight="10.0" severity="high"><version>RHEL-08-010020</version><title>RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.</title><description><VulnDiscussion>Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the Federal Government since this provides assurance they have been tested and validated.
ff1465
+If the operating system is in non-compliance with the Information Assurance Vulnerability Management (IAVM) process, this is a finding.</check-content></check></Rule></Group><Group id="V-230223"><title>SRG-OS-000033-GPOS-00014</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230223r792855_rule" weight="10.0" severity="high"><version>RHEL-08-010020</version><title>RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.</title><description><VulnDiscussion>Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the Federal Government since this provides assurance they have been tested and validated.
ff1465
 
ff1465
 RHEL 8 utilizes GRUB 2 as the default bootloader. Note that GRUB 2 command-line parameters are defined in the "kernelopts" variable of the /boot/grub2/grubenv file for all kernel boot entries.  The command "fips-mode-setup" modifies the "kernelopts" variable, which in turn updates all kernel boot entries. 
ff1465
 
ff1465
@@ -60,19 +60,17 @@ Enable FIPS mode after installation (not strict FIPS compliant) with the followi
ff1465
 
ff1465
 $ sudo fips-mode-setup --enable
ff1465
 
ff1465
-Reboot the system for the changes to take effect.</fixtext><fix id="F-32867r567416_fix" /><check system="C-32892r567415_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system implements DoD-approved encryption to protect the confidentiality of remote access sessions.
ff1465
+Reboot the system for the changes to take effect.</fixtext><fix id="F-32867r567416_fix" /><check system="C-32892r792854_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system implements DoD-approved encryption to protect the confidentiality of remote access sessions.
ff1465
 
ff1465
 Check to see if FIPS mode is enabled with the following command:
ff1465
 
ff1465
-$ sudo fipscheck
ff1465
+$ fips-mode-setup --check
ff1465
 
ff1465
-usage: fipscheck [-s <hmac-suffix>] <paths-to-files>
ff1465
+FIPS mode is enabled
ff1465
 
ff1465
-fips mode is on
ff1465
+If FIPS mode is "enabled", check to see if the kernel boot parameter is configured for FIPS mode with the following command:
ff1465
 
ff1465
-If FIPS mode is "on", check to see if the kernel boot parameter is configured for FIPS mode with the following command:
ff1465
-
ff1465
-$ sudo grub2-editenv - list | grep fips
ff1465
+$ sudo grub2-editenv list | grep fips
ff1465
 
ff1465
 kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
ff1465
 
ff1465
@@ -480,21 +478,7 @@ $ sudo yum list installed policycoreutils
ff1465
 
ff1465
 policycoreutils.x86_64                                              2.9-3.el8                                                  @anaconda
ff1465
 
ff1465
-If the policycoreutils package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-230242"><title>SRG-OS-000138-GPOS-00069</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230242r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010180</version><title>All RHEL 8 public directories must be owned by root or a system account to prevent unauthorized and unintended information transferred via shared system resources.</title><description><VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
ff1465
-
ff1465
-This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
ff1465
-
ff1465
-There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-32886r567473_fix">Configure all public directories to be owned by root or a system account to prevent unauthorized and unintended information transferred via shared system resources.
ff1465
-
ff1465
-Set the owner of all public directories as root or a system account using the command, replace "[Public Directory]" with any directory path not owned by root or a system account:
ff1465
-
ff1465
-$ sudo chown root [Public Directory]</fixtext><fix id="F-32886r567473_fix" /><check system="C-32911r567472_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Check to see that all public directories are owned by root or a system account with the following command:
ff1465
-
ff1465
-$ sudo find / -type d -perm -0002 -exec ls -lLd {} \;
ff1465
-
ff1465
-drwxrwxrwxt 7 root root 4096 Jul 26 11:19 /tmp
ff1465
-
ff1465
-If any of the returned directories are not owned by root or a system account, this is a finding.</check-content></check></Rule></Group><Group id="V-230243"><title>SRG-OS-000138-GPOS-00069</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230243r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010190</version><title>A sticky bit must be set on all RHEL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.</title><description><VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
ff1465
+If the policycoreutils package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-230243"><title>SRG-OS-000138-GPOS-00069</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230243r792857_rule" weight="10.0" severity="medium"><version>RHEL-08-010190</version><title>A sticky bit must be set on all RHEL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.</title><description><VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
ff1465
 
ff1465
 This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
ff1465
 
ff1465
@@ -502,13 +486,13 @@ There may be shared resources with configurable protections (e.g., files in stor
ff1465
 
ff1465
 Set the sticky bit on all world-writable directories using the command, replace "[World-Writable Directory]" with any directory path missing the sticky bit:
ff1465
 
ff1465
-$ sudo chmod 1777 [World-Writable Directory]</fixtext><fix id="F-32887r567476_fix" /><check system="C-32912r567475_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that all world-writable directories have the sticky bit set.
ff1465
+$ sudo chmod 1777 [World-Writable Directory]</fixtext><fix id="F-32887r567476_fix" /><check system="C-32912r792856_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that all world-writable directories have the sticky bit set.
ff1465
 
ff1465
 Check to see that all world-writable directories have the sticky bit set by running the following command:
ff1465
 
ff1465
 $ sudo find / -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null
ff1465
 
ff1465
-drwxrwxrwxt 7 root root 4096 Jul 26 11:19 /tmp
ff1465
+drwxrwxrwt 7 root root 4096 Jul 26 11:19 /tmp
ff1465
 
ff1465
 If any of the returned directories are world-writable and do not have the sticky bit set, this is a finding.</check-content></check></Rule></Group><Group id="V-230244"><title>SRG-OS-000163-GPOS-00072</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230244r743934_rule" weight="10.0" severity="medium"><version>RHEL-08-010200</version><title>RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.</title><description><VulnDiscussion>Terminating an idle SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element.
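Review bot: The sample output under the find command, now `drwxrwxrwt 7 root root 4096 Jul 26 11:19 /tmp`, cannot be produced by that command. `-print` emits bare paths rather than `ls -l` lines, and a directory whose mode ends in `t` already has the sticky bit, so `! -perm -1000` excludes it. Correcting `rwxt` to `rwt` fixes the mode string but still presents a compliant directory as if it were a result. On a compliant system the command prints nothing, so I would replace the sample with a sentence such as `No output indicates that every world-writable directory has the sticky bit set.`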
ff1465
 
ff1465
@@ -695,7 +679,7 @@ $ sudo grep -i  MinProtocol /etc/crypto-policies/back-ends/opensslcnf.config
ff1465
 
ff1465
 MinProtocol = TLSv1.2
ff1465
 
ff1465
-If the "MinProtocol" is set to anything older than "TLSv1.2", this is a finding.</check-content></check></Rule></Group><Group id="V-230256"><title>SRG-OS-000250-GPOS-00093</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230256r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010295</version><title>The RHEL 8 operating system must implement DoD-approved TLS encryption in the GnuTLS package.</title><description><VulnDiscussion>Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
ff1465
+If the "MinProtocol" is set to anything older than "TLSv1.2", this is a finding.</check-content></check></Rule></Group><Group id="V-230256"><title>SRG-OS-000250-GPOS-00093</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230256r792859_rule" weight="10.0" severity="medium"><version>RHEL-08-010295</version><title>The RHEL 8 operating system must implement DoD-approved TLS encryption in the GnuTLS package.</title><description><VulnDiscussion>Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
ff1465
 
ff1465
 Transport Layer Security (TLS) encryption is a required security setting as a number of known vulnerabilities have been reported against Secure Sockets Layer (SSL) and earlier versions of TLS. Encryption of private information is essential to ensuring data confidentiality. If private information is not encrypted, it can be intercepted and easily read by an unauthorized party. SQL Server must use a minimum of FIPS 140-2-approved TLS version 1.2, and all non-FIPS-approved SSL and TLS versions must be disabled. NIST SP 800-52 specifies the preferred configurations for government systems.
ff1465
 
ff1465
@@ -707,21 +691,21 @@ Satisfies: SRG-OS-000250-GPOS-00093, SRG-OS-000423-GPOS-00187</VulnDiscussion
ff1465
 
ff1465
 +VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0
ff1465
 
ff1465
-A reboot is required for the changes to take effect.</fixtext><fix id="F-32900r567515_fix" /><check system="C-32925r567514_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the GnuTLS library is configured to only allow DoD-approved SSL/TLS Versions:
ff1465
+A reboot is required for the changes to take effect.</fixtext><fix id="F-32900r567515_fix" /><check system="C-32925r792858_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the GnuTLS library is configured to only allow DoD-approved SSL/TLS Versions:
ff1465
 
ff1465
 $ sudo grep -io +vers.*  /etc/crypto-policies/back-ends/gnutls.config
ff1465
 
ff1465
 +VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0:+COMP-NULL:%PROFILE_MEDIUM
ff1465
 
ff1465
-If the "gnutls.config" does not list "-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:VERS-DTLS1.0" to disable unapproved SSL/TLS versions, this is a finding.</check-content></check></Rule></Group><Group id="V-230257"><title>SRG-OS-000259-GPOS-00100</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230257r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010300</version><title>RHEL 8 system commands must have mode 0755 or less permissive.</title><description><VulnDiscussion>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
ff1465
+If the "gnutls.config" does not list "-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0" to disable unapproved SSL/TLS versions, this is a finding.</check-content></check></Rule></Group><Group id="V-230257"><title>SRG-OS-000259-GPOS-00100</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230257r792862_rule" weight="10.0" severity="medium"><version>RHEL-08-010300</version><title>RHEL 8 system commands must have mode 755 or less permissive.</title><description><VulnDiscussion>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
ff1465
 
ff1465
-This requirement applies to RHEL 8 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals will be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-32901r567518_fix">Configure the system commands to be protected from unauthorized access.
ff1465
+This requirement applies to RHEL 8 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals will be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-32901r792861_fix">Configure the system commands to be protected from unauthorized access.
ff1465
 
ff1465
-Run the following command, replacing "[FILE]" with any system command with a mode more permissive than "0755".
ff1465
+Run the following command, replacing "[FILE]" with any system command with a mode more permissive than "755".
ff1465
 
ff1465
-$ sudo chmod 0755 [FILE]</fixtext><fix id="F-32901r567518_fix" /><check system="C-32926r567517_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system commands contained in the following directories have mode "0755" or less permissive with the following command:
ff1465
+$ sudo chmod 755 [FILE]</fixtext><fix id="F-32901r792861_fix" /><check system="C-32926r792860_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system commands contained in the following directories have mode "755" or less permissive with the following command:
ff1465
 
ff1465
-$ sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -perm /0022 -exec ls -l {} \;
ff1465
+$ sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -perm /022 -exec ls -l {} \;
ff1465
 
ff1465
 If any system commands are found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-230258"><title>SRG-OS-000259-GPOS-00100</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230258r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010310</version><title>RHEL 8 system commands must be owned by root.</title><description><VulnDiscussion>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
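Review bot: The fix line `$ sudo chmod 755 [FILE]` sets an absolute mode, so on a regular file it also clears any setuid or setgid bit, whereas the check only looks for group or world write (`-perm /022`). Dropping the leading zero does not change that. A command that is set-ID by design and happens to be group-writable would lose its privilege bit when remediated this way; `$ sudo chmod go-w [FILE]` removes only the bits the check reports. The same applies to the library fix `$ sudo chmod 755 [FILE]` in the next hunk (RHEL-08-010330), where an absolute 755 would also add execute bits to a library that did not have them.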
ff1465
 
ff1465
@@ -733,23 +717,23 @@ $ sudo chown root [FILE]</fixtext><fix id="F-32902r567521_fix" />
ff1465
 
ff1465
 $ sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -user root -exec ls -l {} \;
ff1465
 
ff1465
-If any system commands are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230259"><title>SRG-OS-000259-GPOS-00100</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230259r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010320</version><title>RHEL 8 system commands must be group-owned by root or a system account.</title><description><VulnDiscussion>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
ff1465
+If any system commands are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230259"><title>SRG-OS-000259-GPOS-00100</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230259r792864_rule" weight="10.0" severity="medium"><version>RHEL-08-010320</version><title>RHEL 8 system commands must be group-owned by root or a system account.</title><description><VulnDiscussion>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
ff1465
 
ff1465
 This requirement applies to RHEL 8 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals will be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-32903r567524_fix">Configure the system commands to be protected from unauthorized access.
ff1465
 
ff1465
 Run the following command, replacing "[FILE]" with any system command file not group-owned by "root" or a required system account.
ff1465
 
ff1465
-$ sudo chgrp root [FILE]</fixtext><fix id="F-32903r567524_fix" /><check system="C-32928r567523_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system commands contained in the following directories are group-owned by "root" with the following command:
ff1465
+$ sudo chgrp root [FILE]</fixtext><fix id="F-32903r567524_fix" /><check system="C-32928r792863_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system commands contained in the following directories are group-owned by "root", or a required system account, with the following command:
ff1465
 
ff1465
 $ sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -group root -exec ls -l {} \;
ff1465
 
ff1465
-If any system commands are returned and is not owned by a required system account, this is a finding.</check-content></check></Rule></Group><Group id="V-230260"><title>SRG-OS-000259-GPOS-00100</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230260r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010330</version><title>RHEL 8 library files must have mode 0755 or less permissive.</title><description><VulnDiscussion>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
ff1465
+If any system commands are returned and is not group-owned by a required system account, this is a finding.</check-content></check></Rule></Group><Group id="V-230260"><title>SRG-OS-000259-GPOS-00100</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230260r792867_rule" weight="10.0" severity="medium"><version>RHEL-08-010330</version><title>RHEL 8 library files must have mode 755 or less permissive.</title><description><VulnDiscussion>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
ff1465
 
ff1465
-This requirement applies to RHEL 8 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals will be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-32904r567527_fix">Configure the library files to be protected from unauthorized access. Run the following command, replacing "[FILE]" with any library file with a mode more permissive than 0755.
ff1465
+This requirement applies to RHEL 8 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals will be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-32904r792866_fix">Configure the library files to be protected from unauthorized access. Run the following command, replacing "[FILE]" with any library file with a mode more permissive than 755.
ff1465
 
ff1465
-$ sudo chmod 0755 [FILE]</fixtext><fix id="F-32904r567527_fix" /><check system="C-32929r567526_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system-wide shared library files contained in the following directories have mode "0755" or less permissive with the following command:
ff1465
+$ sudo chmod 755 [FILE]</fixtext><fix id="F-32904r792866_fix" /><check system="C-32929r792865_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system-wide shared library files contained in the following directories have mode "755" or less permissive with the following command:
ff1465
 
ff1465
-$ sudo find -L /lib /lib64 /usr/lib /usr/lib64 -perm /0022 -type f -exec ls -l {} \;
ff1465
+$ sudo find -L /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type f -exec ls -l {} \;
ff1465
 
ff1465
 If any system-wide shared library file is found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-230261"><title>SRG-OS-000259-GPOS-00100</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230261r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010340</version><title>RHEL 8 library files must be owned by root.</title><description><VulnDiscussion>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
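Review bot: The reworded RHEL-08-010320 check now accepts groups other than root, but the command `... ! -group root -exec ls -l {} \;` still returns every such file. The text gives no criterion for what counts as "a required system account". Automated content derived from this check has to pick one (for example a GID at or below `SYS_GID_MAX` from /etc/login.defs), and that choice should be stated in the rule rather than left to each assessor. The finding sentence also mixes singular and plural; `If any returned system command is not group-owned by root or a required system account, this is a finding.` reads unambiguously.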
ff1465
 
ff1465
@@ -850,19 +834,28 @@ $ sudo grep -i localpkg_gpgcheck /etc/dnf/dnf.conf
ff1465
 
ff1465
 localpkg_gpgcheck =True
ff1465
 
ff1465
-If "localpkg_gpgcheck" is not set to either "1", "True", or "yes", commented out, or is missing from "/etc/dnf/dnf.conf", this is a finding.</check-content></check></Rule></Group><Group id="V-230266"><title>SRG-OS-000366-GPOS-00153</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230266r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010372</version><title>RHEL 8 must prevent the loading of a new kernel for later execution.</title><description><VulnDiscussion>Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
ff1465
+If "localpkg_gpgcheck" is not set to either "1", "True", or "yes", commented out, or is missing from "/etc/dnf/dnf.conf", this is a finding.</check-content></check></Rule></Group><Group id="V-230266"><title>SRG-OS-000366-GPOS-00153</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230266r792870_rule" weight="10.0" severity="medium"><version>RHEL-08-010372</version><title>RHEL 8 must prevent the loading of a new kernel for later execution.</title><description><VulnDiscussion>Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
ff1465
 
ff1465
-Disabling kexec_load prevents an unsigned kernel image (that could be a windows kernel or modified vulnerable kernel) from being loaded. Kexec can be used subvert the entire secureboot process and should be avoided at all costs especially since it can load unsigned kernel images.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001749</ident><fixtext fixref="F-32910r567545_fix">Configure the operating system to disable kernel image loading.
ff1465
+Disabling kexec_load prevents an unsigned kernel image (that could be a windows kernel or modified vulnerable kernel) from being loaded. Kexec can be used subvert the entire secureboot process and should be avoided at all costs especially since it can load unsigned kernel images.
ff1465
 
ff1465
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001749</ident><fixtext fixref="F-32910r792869_fix">Configure the operating system to disable kernel image loading.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
 kernel.kexec_load_disabled = 1
ff1465
 
ff1465
 Load settings from all system configuration files with the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-32910r567545_fix" /><check system="C-32935r567544_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to disable kernel image loading with the following commands:
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-32910r792869_fix" /><check system="C-32935r792868_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to disable kernel image loading with the following commands:
ff1465
 
ff1465
-Check the status of the kernel.kexec_load_disabled kernel parameter
ff1465
+Check the status of the kernel.kexec_load_disabled kernel parameter.
ff1465
 
ff1465
 $ sudo sysctl kernel.kexec_load_disabled
ff1465
 
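Review bot: The sentence added to the VulnDiscussion, that a "99-" file in "/etc/sysctl.d/" "will take precedence over any other configuration file on the system", claims more than the ordering described just before it supports. By that same paragraph the lexicographically latest file name wins regardless of directory, so any file in a listed directory whose name sorts after the chosen "99-" file would still override `kernel.kexec_load_disabled = 1`. The list also names `/etc/sysctl.conf` as its own final entry. If this wording can be changed here rather than only upstream, I would end the paragraph with `it will take precedence over files whose names sort earlier; confirm that no later-sorting file and not /etc/sysctl.conf sets a different value.` The same paragraph is added for fs.protected_symlinks, fs.protected_hardlinks and kernel.dmesg_restrict in the following hunks.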
ff1465
@@ -870,29 +863,41 @@ kernel.kexec_load_disabled = 1
ff1465
 
ff1465
 If "kernel.kexec_load_disabled" is not set to "1" or is missing, this is a finding.
ff1465
 
ff1465
-Check that the configuration files are present to enable this kernel parameter
ff1465
+Check that the configuration files are present to enable this kernel parameter.
ff1465
 
ff1465
-$ sudo grep -r kernel.kexec_load_disabled /etc/sysctl.conf /etc/sysctl.d/*.conf
ff1465
+$ sudo grep -r kernel.kexec_load_disabled /etc/sysctl.d/*.conf
ff1465
 
ff1465
 /etc/sysctl.d/99-sysctl.conf:kernel.kexec_load_disabled = 1
ff1465
 
ff1465
-If "kernel.kexec_load_disabled" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230267"><title>SRG-OS-000312-GPOS-00122</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230267r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010373</version><title>RHEL 8 must enable kernel parameters to enforce discretionary access control on symlinks.</title><description><VulnDiscussion>Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
ff1465
+If "kernel.kexec_load_disabled" is not set to "1", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230267"><title>SRG-OS-000312-GPOS-00122</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230267r792873_rule" weight="10.0" severity="medium"><version>RHEL-08-010373</version><title>RHEL 8 must enable kernel parameters to enforce discretionary access control on symlinks.</title><description><VulnDiscussion>Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
ff1465
 
ff1465
 When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
ff1465
 
ff1465
 By enabling the fs.protected_symlinks kernel parameter, symbolic links are permitted to be followed only when outside a sticky world-writable directory, or when the UID of the link and follower match, or when the directory owner matches the symlink's owner. Disallowing such symlinks helps mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
ff1465
 
ff1465
-Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-32911r567548_fix">Configure the operating system to enable DAC on symlinks.
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.
ff1465
 
ff1465
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
ff1465
+Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-32911r792872_fix">Configure the operating system to enable DAC on symlinks.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
 fs.protected_symlinks = 1
ff1465
 
ff1465
 Load settings from all system configuration files with the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-32911r567548_fix" /><check system="C-32936r567547_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to enable DAC on symlinks with the following commands:
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-32911r792872_fix" /><check system="C-32936r792871_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to enable DAC on symlinks with the following commands:
ff1465
 
ff1465
-Check the status of the fs.protected_symlinks kernel parameter
ff1465
+Check the status of the fs.protected_symlinks kernel parameter.
ff1465
 
ff1465
 $ sudo sysctl fs.protected_symlinks
ff1465
 
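Review bot: The revised check line `$ sudo grep -r kernel.kexec_load_disabled /etc/sysctl.d/*.conf` drops `/etc/sysctl.conf` and does not cover the other directories the new discussion lists, so a conflicting value in any of them is not reported by the file check. The added finding "If the configuration file does not begin with "99-"" tests a file name, not which value ends up applied, and the runtime `sysctl` query only shows the value in effect at that moment. I would search every listed location, for example `$ sudo grep -r kernel.kexec_load_disabled /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf`, and treat any conflicting value as a finding. The same narrowing is made for fs.protected_symlinks and fs.protected_hardlinks in the next hunk, which runs past the end of this view.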
ff1465
@@ -900,103 +905,141 @@ fs.protected_symlinks = 1
ff1465
 
ff1465
 If "fs.protected_symlinks" is not set to "1" or is missing, this is a finding.
ff1465
 
ff1465
-Check that the configuration files are present to enable this kernel parameter
ff1465
+Check that the configuration files are present to enable this kernel parameter.
ff1465
 
ff1465
-$ sudo grep -r fs.protected_symlinks /etc/sysctl.conf /etc/sysctl.d/*.conf
ff1465
+$ sudo grep -r fs.protected_symlinks /etc/sysctl.d/*.conf
ff1465
 
ff1465
 /etc/sysctl.d/99-sysctl.conf:fs.protected_symlinks = 1
ff1465
 
ff1465
-If "fs.protected_symlinks" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230268"><title>SRG-OS-000312-GPOS-00122</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230268r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010374</version><title>RHEL 8 must enable kernel parameters to enforce discretionary access control on hardlinks.</title><description><VulnDiscussion>Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
ff1465
-
ff1465
-When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
ff1465
-
ff1465
-By enabling the fs.protected_hardlinks kernel parameter, users can no longer create soft or hard links to files they do not own. Disallowing such hardlinks mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
ff1465
-
ff1465
-Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-32912r567551_fix">Configure the operating system to enable DAC on hardlinks.
ff1465
+If "fs.protected_symlinks" is not set to "1", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230268"><title>SRG-OS-000312-GPOS-00122</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230268r792876_rule" weight="10.0" severity="medium"><version>RHEL-08-010374</version><title>RHEL 8 must enable kernel parameters to enforce discretionary access control on hardlinks.</title><description><VulnDiscussion>Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
ff1465
+
ff1465
+When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
ff1465
+
ff1465
+By enabling the fs.protected_hardlinks kernel parameter, users can no longer create soft or hard links to files they do not own. Disallowing such hardlinks mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
 
ff1465
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.
ff1465
+
ff1465
+Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-32912r792875_fix">Configure the operating system to enable DAC on hardlinks.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
 fs.protected_hardlinks = 1
ff1465
 
ff1465
 Load settings from all system configuration files with the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-32912r567551_fix" /><check system="C-32937r619895_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to enable DAC on hardlinks with the following commands:
ff1465
-
ff1465
-Check the status of the fs.protected_hardlinks kernel parameter.
ff1465
-
ff1465
-$ sudo sysctl fs.protected_hardlinks
ff1465
-
ff1465
-fs.protected_hardlinks = 1
ff1465
-
ff1465
-If "fs.protected_hardlinks" is not set to "1" or is missing, this is a finding.
ff1465
-
ff1465
-Check that the configuration files are present to enable this kernel parameter.
ff1465
-
ff1465
-$ sudo grep -r fs.protected_hardlinks /etc/sysctl.conf /etc/sysctl.d/*.conf
ff1465
-
ff1465
-/etc/sysctl.d/99-sysctl.conf:fs.protected_hardlinks = 1
ff1465
-
ff1465
-If "fs.protected_hardlinks" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230269"><title>SRG-OS-000138-GPOS-00069</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230269r627750_rule" weight="10.0" severity="low"><version>RHEL-08-010375</version><title>RHEL 8 must restrict access to the kernel message buffer.</title><description><VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
ff1465
-
ff1465
-This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
ff1465
-
ff1465
-There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.
ff1465
-
ff1465
-Restricting access to the kernel message buffer limits access to only root.  This prevents attackers from gaining additional system information as a non-privileged user.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-32913r567554_fix">Configure the operating system to restrict access to the kernel message buffer.
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-32912r792875_fix" /><check system="C-32937r792874_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to enable DAC on hardlinks with the following commands:
ff1465
+
ff1465
+Check the status of the fs.protected_hardlinks kernel parameter.
ff1465
+
ff1465
+$ sudo sysctl fs.protected_hardlinks
ff1465
+
ff1465
+fs.protected_hardlinks = 1
ff1465
+
ff1465
+If "fs.protected_hardlinks" is not set to "1" or is missing, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this kernel parameter.
ff1465
+
ff1465
+$ sudo grep -r fs.protected_hardlinks /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf:fs.protected_hardlinks = 1
ff1465
+
ff1465
+If "fs.protected_hardlinks" is not set to "1", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230269"><title>SRG-OS-000138-GPOS-00069</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230269r792879_rule" weight="10.0" severity="low"><version>RHEL-08-010375</version><title>RHEL 8 must restrict access to the kernel message buffer.</title><description><VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
ff1465
+
ff1465
+This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
ff1465
+
ff1465
+There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.
ff1465
+
ff1465
+Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a non-privileged user.
ff1465
 
ff1465
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-32913r792878_fix">Configure the operating system to restrict access to the kernel message buffer.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
 kernel.dmesg_restrict = 1
ff1465
 
ff1465
 Load settings from all system configuration files with the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-32913r567554_fix" /><check system="C-32938r619897_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to restrict access to the kernel message buffer with the following commands:
ff1465
-
ff1465
-Check the status of the kernel.dmesg_restrict kernel parameter.
ff1465
-
ff1465
-$ sudo sysctl kernel.dmesg_restrict
ff1465
-
ff1465
-kernel.dmesg_restrict = 1
ff1465
-
ff1465
-If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding.
ff1465
-
ff1465
-Check that the configuration files are present to enable this kernel parameter.
ff1465
-
ff1465
-$ sudo grep -r kernel.dmesg_restrict /etc/sysctl.conf /etc/sysctl.d/*.conf
ff1465
-
ff1465
-/etc/sysctl.d/99-sysctl.conf:kernel.dmesg_restrict = 1
ff1465
-
ff1465
-If "kernel.dmesg_restrict" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230270"><title>SRG-OS-000138-GPOS-00069</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230270r627750_rule" weight="10.0" severity="low"><version>RHEL-08-010376</version><title>RHEL 8 must prevent kernel profiling by unprivileged users.</title><description><VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
ff1465
-
ff1465
-This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
ff1465
-
ff1465
-There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.
ff1465
-
ff1465
-Setting the kernel.perf_event_paranoid kernel parameter to "2" prevents attackers from gaining additional system information as a non-privileged user.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-32914r567557_fix">Configure the operating system to prevent kernel profiling by unprivileged users.
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-32913r792878_fix" /><check system="C-32938r792877_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to restrict access to the kernel message buffer with the following commands:
ff1465
+
ff1465
+Check the status of the kernel.dmesg_restrict kernel parameter.
ff1465
+
ff1465
+$ sudo sysctl kernel.dmesg_restrict
ff1465
+
ff1465
+kernel.dmesg_restrict = 1
ff1465
+
ff1465
+If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this kernel parameter.
ff1465
+
ff1465
+$ sudo grep -r kernel.dmesg_restrict /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf:kernel.dmesg_restrict = 1
ff1465
+
ff1465
+If "kernel.dmesg_restrict" is not set to "1", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230270"><title>SRG-OS-000138-GPOS-00069</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230270r792882_rule" weight="10.0" severity="low"><version>RHEL-08-010376</version><title>RHEL 8 must prevent kernel profiling by unprivileged users.</title><description><VulnDiscussion>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
ff1465
+
ff1465
+This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
ff1465
+
ff1465
+There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.
ff1465
+
ff1465
+Setting the kernel.perf_event_paranoid kernel parameter to "2" prevents attackers from gaining additional system information as a non-privileged user.
ff1465
 
ff1465
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-32914r792881_fix">Configure the operating system to prevent kernel profiling by unprivileged users.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
 kernel.perf_event_paranoid = 2
ff1465
 
ff1465
 Load settings from all system configuration files with the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-32914r567557_fix" /><check system="C-32939r619899_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to prevent kernel profiling by unprivileged users with the following commands:
ff1465
-
ff1465
-Check the status of the kernel.perf_event_paranoid kernel parameter.
ff1465
-
ff1465
-$ sudo sysctl kernel.perf_event_paranoid
ff1465
-
ff1465
-kernel.perf_event_paranoid = 2
ff1465
-
ff1465
-If "kernel.perf_event_paranoid" is not set to "2" or is missing, this is a finding.
ff1465
-
ff1465
-Check that the configuration files are present to enable this kernel parameter.
ff1465
-
ff1465
-$ sudo grep -r kernel.perf_event_paranoid /etc/sysctl.conf /etc/sysctl.d/*.conf
ff1465
-
ff1465
-/etc/sysctl.d/99-sysctl.conf:kernel.perf_event_paranoid = 2
ff1465
-
ff1465
-If "kernel.perf_event_paranoid" is not set to "2", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230271"><title>SRG-OS-000373-GPOS-00156</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230271r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010380</version><title>RHEL 8 must require users to provide a password for privilege escalation.</title><description><VulnDiscussion>Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-32914r792881_fix" /><check system="C-32939r792880_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to prevent kernel profiling by unprivileged users with the following commands:
ff1465
+
ff1465
+Check the status of the kernel.perf_event_paranoid kernel parameter.
ff1465
+
ff1465
+$ sudo sysctl kernel.perf_event_paranoid
ff1465
+
ff1465
+kernel.perf_event_paranoid = 2
ff1465
+
ff1465
+If "kernel.perf_event_paranoid" is not set to "2" or is missing, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this kernel parameter.
ff1465
+
ff1465
+$ sudo grep -r kernel.perf_event_paranoid /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf:kernel.perf_event_paranoid = 2
ff1465
+
ff1465
+If "kernel.perf_event_paranoid" is not set to "2", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230271"><title>SRG-OS-000373-GPOS-00156</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230271r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010380</version><title>RHEL 8 must require users to provide a password for privilege escalation.</title><description><VulnDiscussion>Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
ff1465
 
ff1465
 When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate.
ff1465
 
ff1465
@@ -1093,7 +1136,7 @@ If "dmesg" does not show "NX (Execute Disable) protection" active, check the cpu
ff1465
 $ sudo less /proc/cpuinfo | grep -i flags
ff1465
 flags : fpu vme de pse tsc ms nx rdtscp lm constant_tsc
ff1465
 
ff1465
-If "flags" does not contain the "nx" flag, this is a finding.</check-content></check></Rule></Group><Group id="V-230277"><title>SRG-OS-000134-GPOS-00068</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230277r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010421</version><title>RHEL 8 must clear the page allocator to prevent use-after-free attacks.</title><description><VulnDiscussion>Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
ff1465
+If "flags" does not contain the "nx" flag, this is a finding.</check-content></check></Rule></Group><Group id="V-230277"><title>SRG-OS-000134-GPOS-00068</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230277r792884_rule" weight="10.0" severity="medium"><version>RHEL-08-010421</version><title>RHEL 8 must clear the page allocator to prevent use-after-free attacks.</title><description><VulnDiscussion>Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
ff1465
 
ff1465
 Poisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many types of use-after-free vulnerabilities at little performance cost. Also prevents leak of data and detection of corrupted memory.
ff1465
 
ff1465
@@ -1103,11 +1146,11 @@ $ sudo grubby --update-kernel=ALL --args="page_poison=1"
ff1465
 
ff1465
 Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
ff1465
 
ff1465
-GRUB_CMDLINE_LINUX="page_poison=1"</fixtext><fix id="F-32921r567578_fix" /><check system="C-32946r567577_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to enable page poisoning to mitigate use-after-free vulnerabilities with the following commands:
ff1465
+GRUB_CMDLINE_LINUX="page_poison=1"</fixtext><fix id="F-32921r567578_fix" /><check system="C-32946r792883_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to enable page poisoning to mitigate use-after-free vulnerabilities with the following commands:
ff1465
 
ff1465
 Check that the current GRUB 2 configuration has page poisoning enabled:
ff1465
 
ff1465
-$ sudo grub2-editenv - list | grep page_poison
ff1465
+$ sudo grub2-editenv list | grep page_poison
ff1465
 
ff1465
 kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 page_poison=1 vsyscall=none audit=1 audit_backlog_limit=8192 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
ff1465
 
ff1465
@@ -1119,7 +1162,7 @@ $ sudo grep page_poison /etc/default/grub
ff1465
 
ff1465
 GRUB_CMDLINE_LINUX="page_poison=1"
ff1465
 
ff1465
-If "page_poison" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230278"><title>SRG-OS-000134-GPOS-00068</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230278r743948_rule" weight="10.0" severity="medium"><version>RHEL-08-010422</version><title>RHEL 8 must disable virtual syscalls.</title><description><VulnDiscussion>Syscalls are special routines in the Linux kernel, which userspace applications ask to do privileged tasks.  Invoking a system call is an expensive operation because the processor must interrupt the currently executing task and switch context to kernel mode and then back to userspace after the system call completes.  Virtual Syscalls map into user space a page that contains some variables and the implementation of some system calls.  This allows the system calls to be executed in userspace to alleviate the context switching expense.
ff1465
+If "page_poison" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230278"><title>SRG-OS-000134-GPOS-00068</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230278r792886_rule" weight="10.0" severity="medium"><version>RHEL-08-010422</version><title>RHEL 8 must disable virtual syscalls.</title><description><VulnDiscussion>Syscalls are special routines in the Linux kernel, which userspace applications ask to do privileged tasks.  Invoking a system call is an expensive operation because the processor must interrupt the currently executing task and switch context to kernel mode and then back to userspace after the system call completes.  Virtual Syscalls map into user space a page that contains some variables and the implementation of some system calls.  This allows the system calls to be executed in userspace to alleviate the context switching expense.
ff1465
 
ff1465
 Virtual Syscalls provide an opportunity of attack for a user who has control of the return instruction pointer.  Disabling vsyscalls help to prevent return oriented programming (ROP) attacks via buffer overflows and overruns. If the system intends to run containers based on RHEL 6 components, then virtual syscalls will need enabled so the components function properly.
ff1465
 
ff1465
@@ -1129,11 +1172,11 @@ $ sudo grubby --update-kernel=ALL --args="vsyscall=none"
ff1465
 
ff1465
 Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
ff1465
 
ff1465
-GRUB_CMDLINE_LINUX="vsyscall=none"</fixtext><fix id="F-32922r743947_fix" /><check system="C-32947r743946_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to disable vsyscalls with the following commands:
ff1465
+GRUB_CMDLINE_LINUX="vsyscall=none"</fixtext><fix id="F-32922r743947_fix" /><check system="C-32947r792885_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to disable vsyscalls with the following commands:
ff1465
 
ff1465
 Check that the current GRUB 2 configuration disables vsyscalls:
ff1465
 
ff1465
-$ sudo grub2-editenv - list | grep vsyscall
ff1465
+$ sudo grub2-editenv list | grep vsyscall
ff1465
 
ff1465
 kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 page_poison=1 vsyscall=none audit=1 audit_backlog_limit=8192 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
ff1465
 
ff1465
@@ -1145,7 +1188,7 @@ $ sudo grep vsyscall /etc/default/grub
ff1465
 
ff1465
 GRUB_CMDLINE_LINUX="vsyscall=none"
ff1465
 
ff1465
-If "vsyscall" is not set to "none", is missing or commented out and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230279"><title>SRG-OS-000134-GPOS-00068</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230279r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010423</version><title>RHEL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks.</title><description><VulnDiscussion>Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
ff1465
+If "vsyscall" is not set to "none", is missing or commented out and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230279"><title>SRG-OS-000134-GPOS-00068</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230279r792888_rule" weight="10.0" severity="medium"><version>RHEL-08-010423</version><title>RHEL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks.</title><description><VulnDiscussion>Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
ff1465
 
ff1465
 Poisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many types of use-after-free vulnerabilities at little performance cost. Also prevents leak of data and detection of corrupted memory.
ff1465
 
ff1465
@@ -1157,11 +1200,11 @@ $ sudo grubby --update-kernel=ALL --args="slub_debug=P"
ff1465
 
ff1465
 Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
ff1465
 
ff1465
-GRUB_CMDLINE_LINUX="slub_debug=P"</fixtext><fix id="F-32923r567584_fix" /><check system="C-32948r567583_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to enable poisoning of SLUB/SLAB objects to mitigate use-after-free vulnerabilities with the following commands:
ff1465
+GRUB_CMDLINE_LINUX="slub_debug=P"</fixtext><fix id="F-32923r567584_fix" /><check system="C-32948r792887_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to enable poisoning of SLUB/SLAB objects to mitigate use-after-free vulnerabilities with the following commands:
ff1465
 
ff1465
 Check that the current GRUB 2 configuration has poisoning of SLUB/SLAB objects enabled:
ff1465
 
ff1465
-$ sudo grub2-editenv - list | grep slub_debug
ff1465
+$ sudo grub2-editenv list | grep slub_debug
ff1465
 
ff1465
 kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 slub_debug=P page_poison=1 vsyscall=none audit=1 audit_backlog_limit=8192 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
ff1465
 
ff1465
@@ -1173,29 +1216,43 @@ $ sudo grep slub_debug /etc/default/grub
ff1465
 
ff1465
 GRUB_CMDLINE_LINUX="slub_debug=P"
ff1465
 
ff1465
-If "slub_debug" is not set to "P", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230280"><title>SRG-OS-000433-GPOS-00193</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230280r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010430</version><title>RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</title><description><VulnDiscussion>Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
ff1465
+If "slub_debug" is not set to "P", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230280"><title>SRG-OS-000433-GPOS-00193</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230280r792891_rule" weight="10.0" severity="medium"><version>RHEL-08-010430</version><title>RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</title><description><VulnDiscussion>Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
ff1465
+
ff1465
+Examples of attacks are buffer overflow attacks.
ff1465
 
ff1465
-Examples of attacks are buffer overflow attacks.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002824</ident><fixtext fixref="F-32924r567587_fix">Configure the operating system to implement virtual address space randomization.
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
 
ff1465
-Set the system to the required kernel parameter by adding the following line to "/etc/sysctl.d/*.conf"(or modify the line to have the required value):
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002824</ident><fixtext fixref="F-32924r792890_fix">Configure the operating system to implement virtual address space randomization.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
 kernel.randomize_va_space=2
ff1465
 
ff1465
 Issue the following command to make the changes take effect:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-32924r567587_fix" /><check system="C-32949r567586_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 implements ASLR with the following command:
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-32924r792890_fix" /><check system="C-32949r792889_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 implements ASLR with the following command:
ff1465
 
ff1465
 $ sudo sysctl kernel.randomize_va_space
ff1465
 
ff1465
 kernel.randomize_va_space = 2
ff1465
 
ff1465
-If nothing is returned, verify the kernel parameter "randomize_va_space" is set to "2" with the following command:
ff1465
+If "kernel.randomize_va_space" is not set to "2", this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this kernel parameter.
ff1465
+
ff1465
+$ sudo grep -r kernel.randomize_va_space /etc/sysctl.d/*.conf
ff1465
 
ff1465
-$ sudo cat /proc/sys/kernel/randomize_va_space
ff1465
+/etc/sysctl.d/99-sysctl.conf:kernel.randomize_va_space = 2
ff1465
 
ff1465
-2
ff1465
+If "kernel.randomize_va_space" is not set to "2", is missing or commented out, this is a finding.
ff1465
 
ff1465
-If "kernel.randomize_va_space" is not set to "2", this is a finding.</check-content></check></Rule></Group><Group id="V-230281"><title>SRG-OS-000437-GPOS-00194</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230281r627750_rule" weight="10.0" severity="low"><version>RHEL-08-010440</version><title>YUM must remove all software components after updated versions have been installed on RHEL 8.</title><description><VulnDiscussion>Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002617</ident><fixtext fixref="F-32925r567590_fix">Configure the operating system to remove all software components after updated versions have been installed.
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230281"><title>SRG-OS-000437-GPOS-00194</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230281r627750_rule" weight="10.0" severity="low"><version>RHEL-08-010440</version><title>YUM must remove all software components after updated versions have been installed on RHEL 8.</title><description><VulnDiscussion>Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002617</ident><fixtext fixref="F-32925r567590_fix">Configure the operating system to remove all software components after updated versions have been installed.
ff1465
 
ff1465
 Set the "clean_requirements_on_remove" option to "True" in the "/etc/dnf/dnf.conf" file:
ff1465
 
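Review bot: The grep added to the ASLR check, `$ sudo grep -r kernel.randomize_va_space /etc/sysctl.d/*.conf`, searches only one of the six locations that the VulnDiscussion added in this same hunk lists as read by `sysctl --system`. A conflicting `kernel.randomize_va_space` entry in `/etc/sysctl.conf`, or in a later-sorting file under one of the other directories, would not appear in that output. The claim that a "99-" file takes precedence over any other file also does not follow from the lexicographic rule quoted just above it, since a file whose name sorts after it would win. The runtime `sysctl kernel.randomize_va_space` step only reflects the value in effect when it is run, so I would have the persistent check cover every listed path, e.g. `$ sudo grep -r kernel.randomize_va_space /etc/sysctl.conf /etc/sysctl.d/*.conf /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf`, and treat conflicting values as a finding. The same narrowed grep appears in the kernel.dmesg_restrict and kernel.perf_event_paranoid checks in the preceding hunk.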
ff1465
@@ -1545,19 +1602,41 @@ Main PID: 1130 (code=exited, status=0/SUCCESS)
ff1465
 
ff1465
 If the "kdump" service is active, ask the System Administrator if the use of the service is required and documented with the Information System Security Officer (ISSO).
ff1465
 
ff1465
-If the service is active and is not documented, this is a finding.</check-content></check></Rule></Group><Group id="V-230311"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230311r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010671</version><title>RHEL 8 must disable the kernel.core_pattern.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-32955r567680_fix">Configure RHEL 8 to disable storing core dumps by adding the following line to a file in the "/etc/sysctl.d" directory:
ff1465
+If the service is active and is not documented, this is a finding.</check-content></check></Rule></Group><Group id="V-230311"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230311r792894_rule" weight="10.0" severity="medium"><version>RHEL-08-010671</version><title>RHEL 8 must disable the kernel.core_pattern.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-32955r792893_fix">Configure RHEL 8 to disable storing core dumps.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
 kernel.core_pattern = |/bin/false
ff1465
 
ff1465
 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-32955r567680_fix" /><check system="C-32980r567679_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 disables storing core dumps with the following commands:
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-32955r792893_fix" /><check system="C-32980r792892_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 disables storing core dumps with the following commands:
ff1465
 
ff1465
 $ sudo sysctl kernel.core_pattern
ff1465
 
ff1465
 kernel.core_pattern = |/bin/false
ff1465
 
ff1465
-If the returned line does not have a value of "|/bin/false", or a line is not returned and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230312"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230312r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010672</version><title>RHEL 8 must disable acquiring, saving, and processing core dumps.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+If the returned line does not have a value of "|/bin/false", or a line is not returned and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this kernel parameter.
ff1465
+
ff1465
+$ sudo grep -r kernel.core_pattern /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf:kernel.core_pattern = |/bin/false
ff1465
+
ff1465
+If "kernel.core_pattern" is not set to "|/bin/false", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230312"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230312r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010672</version><title>RHEL 8 must disable acquiring, saving, and processing core dumps.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
 
ff1465
 A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.
ff1465
 
ff1465
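Review bot: The added persistence check for RHEL-08-010671 greps only `/etc/sysctl.d/*.conf`, although the VulnDiscussion added in the same hunk lists six locations that `sysctl --system` reads. A conflicting `kernel.core_pattern` in `/etc/sysctl.conf` or under `/usr/lib/sysctl.d/` would therefore not show up in the output. The claim that a `99-` file in `/etc/sysctl.d/` takes precedence over any other file also looks too strong by the text's own rule: a later-sorting name in another directory could still win, and so could `/etc/sysctl.conf` if it is applied last as the listed order suggests. That is worth confirming against the sysctl in use. I would widen the command to `$ sudo grep -r kernel.core_pattern /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf` and treat any conflicting value as a finding. The same `99-` sentence closes the preceding check, whose hunk starts outside this view.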
@@ -1646,14 +1725,13 @@ $ sudo grep nameserver /etc/resolv.conf
ff1465
 nameserver 192.168.1.2
ff1465
 nameserver 192.168.1.3
ff1465
 
ff1465
-If less than two lines are returned that are not commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230317"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230317r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010690</version><title>Executable search paths within the initialization files of all local interactive RHEL 8 users must only contain paths that resolve to the system default or the users home directory.</title><description><VulnDiscussion>The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory (other than the user's home directory), executables in these directories may be executed instead of system commands. This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon or two consecutive colons, this is interpreted as the current working directory. 
If deviations from the default system search path for the local interactive user are required, they must be documented with the Information System Security Officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-32961r567698_fix">Edit the local interactive user initialization files to change any PATH variable statements that reference directories other than their home directory.
ff1465
+If less than two lines are returned that are not commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230317"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230317r792896_rule" weight="10.0" severity="medium"><version>RHEL-08-010690</version><title>Executable search paths within the initialization files of all local interactive RHEL 8 users must only contain paths that resolve to the system default or the users home directory.</title><description><VulnDiscussion>The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory (other than the user's home directory), executables in these directories may be executed instead of system commands. This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon or two consecutive colons, this is interpreted as the current working directory. 
If deviations from the default system search path for the local interactive user are required, they must be documented with the Information System Security Officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-32961r567698_fix">Edit the local interactive user initialization files to change any PATH variable statements that reference directories other than their home directory.
ff1465
 
ff1465
-If a local interactive user requires path variables to reference a directory owned by the application, it must be documented with the ISSO.</fixtext><fix id="F-32961r567698_fix" /><check system="C-32986r567697_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that all local interactive user initialization file executable search path statements do not contain statements that will reference a working directory other than user home directories with the following commands:
ff1465
+If a local interactive user requires path variables to reference a directory owned by the application, it must be documented with the ISSO.</fixtext><fix id="F-32961r567698_fix" /><check system="C-32986r792895_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that all local interactive user initialization file executable search path statements do not contain statements that will reference a working directory other than user home directories with the following commands:
ff1465
 
ff1465
-$ sudo grep -i path /home/*/.*
ff1465
+$ sudo grep -i path= /home/*/.*
ff1465
 
ff1465
 /home/[localinteractiveuser]/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin
ff1465
-/home/[localinteractiveuser]/.bash_profile:export PATH
ff1465
 
ff1465
 If any local interactive user initialization files have executable search path statements that include directories outside of their home directory and is not documented with the ISSO as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230318"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230318r743960_rule" weight="10.0" severity="medium"><version>RHEL-08-010700</version><title>All RHEL 8 world-writable directories must be owned by root, sys, bin, or an application user.</title><description><VulnDiscussion>If a world-writable directory is not owned by root, sys, bin, or an application User Identifier (UID), unauthorized users may be able to modify files created by others.
ff1465
 
ff1465
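Review bot: Narrowing the pattern to `path=` in the RHEL-08-010690 check removes the `export PATH` noise, but it also stops matching csh-style assignments such as `setenv PATH ...` or `set path = (...)`, which contain no `path=`. The umask rule further down this file checks `/etc/csh.cshrc`, so csh users appear to be in scope. A `.cshrc` or `.login` that adds a directory outside the home directory would then pass this check unnoticed. A pattern covering both forms, for example `$ sudo grep -iE 'path[[:space:]]*=|setenv[[:space:]]+path' /home/*/.*`, keeps the reduced noise without that blind spot.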
@@ -2309,27 +2387,27 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011</VulnDiscussion
ff1465
 
ff1465
 $ sudo grep -i tmux /etc/shells
ff1465
 
ff1465
-If any output is produced, this is a finding.</check-content></check></Rule></Group><Group id="V-230351"><title>SRG-OS-000028-GPOS-00009</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230351r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-020050</version><title>RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.</title><description><VulnDiscussion>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
ff1465
-
ff1465
-The session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be locked, RHEL 8 needs to provide users with the ability to manually invoke a session lock so users can secure their session if it is necessary to temporarily vacate the immediate physical vicinity.
ff1465
-
ff1465
-Tmux is a terminal multiplexer that enables a number of terminals to be created, accessed, and controlled from a single screen.  Red Hat endorses tmux as the recommended session controlling package.
ff1465
-
ff1465
-Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000056</ident><fixtext fixref="F-32995r619869_fix">Configure the operating system to enable a user's session lock until that user re-establishes access using established identification and authentication procedures.
ff1465
-
ff1465
-Select/Create an authselect profile and incorporate the "with-smartcard-lock-on-removal" feature with the following example:
ff1465
-
ff1465
-$ sudo authselect select sssd with-smartcard with-smartcard-lock-on-removal
ff1465
-
ff1465
-Alternatively, the dconf settings can be edited in the /etc/dconf/db/* location.
ff1465
-
ff1465
-Edit or add the "[org/gnome/settings-daemon/peripherals/smartcard]" section of the database file and add or update the following lines:
ff1465
-
ff1465
-removal-action='lock-screen'
ff1465
-
ff1465
-Update the system databases:
ff1465
-
ff1465
-$ sudo dconf update</fixtext><fix id="F-32995r619869_fix" /><check system="C-33020r567799_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system enables a user's session lock until that user re-establishes access using established identification and authentication procedures with the following command:
ff1465
+If any output is produced, this is a finding.</check-content></check></Rule></Group><Group id="V-230351"><title>SRG-OS-000028-GPOS-00009</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230351r792899_rule" weight="10.0" severity="medium"><version>RHEL-08-020050</version><title>RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.</title><description><VulnDiscussion>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
ff1465
+
ff1465
+The session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be locked, RHEL 8 needs to provide users with the ability to manually invoke a session lock so users can secure their session if it is necessary to temporarily vacate the immediate physical vicinity.
ff1465
+
ff1465
+Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000056</ident><fixtext fixref="F-32995r792898_fix">Configure the operating system to enable a user's session lock until that user re-establishes access using established identification and authentication procedures.
ff1465
+
ff1465
+Select/Create an authselect profile and incorporate the "with-smartcard-lock-on-removal" feature with the following example:
ff1465
+
ff1465
+$ sudo authselect select sssd with-smartcard with-smartcard-lock-on-removal
ff1465
+
ff1465
+Alternatively, the dconf settings can be edited in the /etc/dconf/db/* location.
ff1465
+
ff1465
+Edit or add the "[org/gnome/settings-daemon/peripherals/smartcard]" section of the database file and add or update the following lines:
ff1465
+
ff1465
+removal-action='lock-screen'
ff1465
+
ff1465
+Update the system databases:
ff1465
+
ff1465
+$ sudo dconf update</fixtext><fix id="F-32995r792898_fix" /><check system="C-33020r792897_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system enables a user's session lock until that user re-establishes access using established identification and authentication procedures with the following command:
ff1465
+
ff1465
+This requirement assumes the use of the RHEL 8 default graphical user interface, Gnome Shell. If the system does not have any graphical user interface installed, this requirement is Not Applicable.
ff1465
 
ff1465
 $ sudo grep -R removal-action /etc/dconf/db/*
ff1465
 
ff1465
@@ -2875,22 +2953,24 @@ Note: The example is for a system that is configured to create users home direct
ff1465
 
ff1465
 # grep -i umask /home/*/.*
ff1465
 
ff1465
-If any local interactive user initialization files are found to have a umask statement that has a value less restrictive than "077", this is a finding.</check-content></check></Rule></Group><Group id="V-230385"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230385r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-020353</version><title>RHEL 8 must define default permissions for logon and non-logon shells.</title><description><VulnDiscussion>The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 600 or less permissive. Although umask can be represented as a four-digit number, the first digit representing special access modes is typically ignored or required to be "0". This requirement applies to the globally configured system defaults and the local interactive user defaults for each account on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33029r567902_fix">Configure the operating system to define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
ff1465
+If any local interactive user initialization files are found to have a umask statement that has a value less restrictive than "077", this is a finding.</check-content></check></Rule></Group><Group id="V-230385"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230385r792902_rule" weight="10.0" severity="medium"><version>RHEL-08-020353</version><title>RHEL 8 must define default permissions for logon and non-logon shells.</title><description><VulnDiscussion>The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 600 or less permissive. Although umask can be represented as a four-digit number, the first digit representing special access modes is typically ignored or required to be "0". This requirement applies to the globally configured system defaults and the local interactive user defaults for each account on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33029r792901_fix">Configure the operating system to define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
ff1465
 
ff1465
-Add or edit the lines for the "UMASK" parameter in the "/etc/bashrc" and "etc/csh.cshrc" files to "077":
ff1465
+Add or edit the lines for the "UMASK" parameter in the "/etc/bashrc", "/etc/csh.cshrc" and "/etc/profile"files to "077":
ff1465
 
ff1465
-UMASK 077</fixtext><fix id="F-33029r567902_fix" /><check system="C-33054r567901_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that the umask default for installed shells is "077".
ff1465
+UMASK 077</fixtext><fix id="F-33029r792901_fix" /><check system="C-33054r792900_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that the umask default for installed shells is "077".
ff1465
 
ff1465
-Check for the value of the "UMASK" parameter in the "/etc/bashrc" and "/etc/csh.cshrc" files with the following command:
ff1465
+Check for the value of the "UMASK" parameter in the "/etc/bashrc", "/etc/csh.cshrc" and "/etc/profile" files with the following command:
ff1465
 
ff1465
-Note: If the value of the "UMASK" parameter is set to "000" in either the "/etc/bashrc" or the "/etc/csh.cshrc" files, the Severity is raised to a CAT I.
ff1465
+Note: If the value of the "UMASK" parameter is set to "000" in the "/etc/bashrc" the "/etc/csh.cshrc" or the "/etc/profile" files, the Severity is raised to a CAT I.
ff1465
 
ff1465
-# grep -i umask /etc/bashrc /etc/csh.cshrc
ff1465
+# grep -i umask /etc/bashrc /etc/csh.cshrc /etc/profile
ff1465
 
ff1465
 /etc/bashrc:          umask 077
ff1465
 /etc/bashrc:          umask 077
ff1465
 /etc/csh.cshrc:      umask 077   
ff1465
 /etc/csh.cshrc:      umask 077
ff1465
+/etc/profile:      umask 077   
ff1465
+/etc/profile:      umask 077
ff1465
 
ff1465
 If the value for the "UMASK" parameter is not "077", or the "UMASK" parameter is missing or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230386"><title>SRG-OS-000326-GPOS-00126</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230386r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-030000</version><title>The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.</title><description><VulnDiscussion>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
ff1465
 
ff1465
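Review bot: The fixtext for RHEL-08-020353 still tells the administrator to add `UMASK 077` to `/etc/bashrc`, `/etc/csh.cshrc` and now `/etc/profile`, while the check's expected output is `umask 077`. The uppercase keyword form is what `/etc/login.defs` uses; as a line in a shell startup file it would be run as a command named `UMASK` rather than set the mask. The example line should read `umask 077`, and the "UMASK parameter" wording in the check should name the `umask` command. There are also two small text slips on the new side: `"/etc/profile"files` is missing a space, and the CAT I note lacks a comma after `"/etc/bashrc"`.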
@@ -4427,7 +4507,7 @@ $ sudo grep -w lastlog /etc/audit/audit.rules
ff1465
 
ff1465
 -w /var/log/lastlog -p wa -k logins
ff1465
 
ff1465
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230468"><title>SRG-OS-000062-GPOS-00031</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230468r627750_rule" weight="10.0" severity="low"><version>RHEL-08-030601</version><title>RHEL 8 must enable auditing of processes that start prior to the audit daemon.</title><description><VulnDiscussion>Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
ff1465
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230468"><title>SRG-OS-000062-GPOS-00031</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230468r792904_rule" weight="10.0" severity="low"><version>RHEL-08-030601</version><title>RHEL 8 must enable auditing of processes that start prior to the audit daemon.</title><description><VulnDiscussion>Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
ff1465
 
ff1465
 If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
ff1465
 
ff1465
@@ -4451,9 +4531,9 @@ $ sudo grubby --update-kernel=ALL --args="audit=1"
ff1465
 
ff1465
 Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
ff1465
 
ff1465
-GRUB_CMDLINE_LINUX="audit=1"</fixtext><fix id="F-33112r568151_fix" /><check system="C-33137r568150_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables auditing of processes that start prior to the audit daemon with the following commands:
ff1465
+GRUB_CMDLINE_LINUX="audit=1"</fixtext><fix id="F-33112r568151_fix" /><check system="C-33137r792903_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables auditing of processes that start prior to the audit daemon with the following commands:
ff1465
 
ff1465
-$ sudo grub2-editenv - list | grep audit
ff1465
+$ sudo grub2-editenv list | grep audit
ff1465
 
ff1465
 kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 audit=1 audit_backlog_limit=8192 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
ff1465
 
ff1465
@@ -4465,7 +4545,7 @@ $ sudo grep audit /etc/default/grub
ff1465
 
ff1465
 GRUB_CMDLINE_LINUX="audit=1"
ff1465
 
ff1465
-If "audit" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230469"><title>SRG-OS-000341-GPOS-00132</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230469r744004_rule" weight="10.0" severity="low"><version>RHEL-08-030602</version><title>RHEL 8 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.</title><description><VulnDiscussion>Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
ff1465
+If "audit" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230469"><title>SRG-OS-000341-GPOS-00132</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230469r792906_rule" weight="10.0" severity="low"><version>RHEL-08-030602</version><title>RHEL 8 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.</title><description><VulnDiscussion>Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
ff1465
 
ff1465
 If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
ff1465
 
ff1465
@@ -4477,9 +4557,9 @@ $ sudo grubby --update-kernel=ALL --args="audit_backlog_limit=8192"
ff1465
 
ff1465
 Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
ff1465
 
ff1465
-GRUB_CMDLINE_LINUX="audit_backlog_limit=8192"</fixtext><fix id="F-33113r568154_fix" /><check system="C-33138r744003_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 allocates a sufficient audit_backlog_limit to capture processes that start prior to the audit daemon with the following commands:
ff1465
+GRUB_CMDLINE_LINUX="audit_backlog_limit=8192"</fixtext><fix id="F-33113r568154_fix" /><check system="C-33138r792905_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 allocates a sufficient audit_backlog_limit to capture processes that start prior to the audit daemon with the following commands:
ff1465
 
ff1465
-$ sudo grub2-editenv - list | grep audit
ff1465
+$ sudo grub2-editenv list | grep audit
ff1465
 
ff1465
 kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 audit=1 audit_backlog_limit=8192 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
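Review bot: The rewritten check `sudo grub2-editenv list | grep audit` reads only the `kernelopts` variable in the GRUB environment block, so it says nothing about a boot entry that carries its own argument list instead of referencing that variable. On such a host the command can print `audit_backlog_limit=8192` while a kernel boots without it; whether that layout occurs depends on how the entries were generated, which the hunk does not show. I would pair the check with a per-entry view, `sudo grubby --info=ALL | grep args`, and with `cat /proc/cmdline` for the running kernel. The same applies to the `pti` check in the `@@ -4908,9 +4988,9` hunk.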
ff1465
 
ff1465
@@ -4894,7 +4974,7 @@ $ sudo yum remove sendmail</fixtext><fix id="F-33133r568214_fix" />
ff1465
 
ff1465
 $ sudo yum list installed sendmail
ff1465
 
ff1465
-If the sendmail package is installed, this is a finding.</check-content></check></Rule></Group><Group id="V-230491"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230491r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040004</version><title>RHEL 8 must enable mitigations against processor-based vulnerabilities.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+If the sendmail package is installed, this is a finding.</check-content></check></Rule></Group><Group id="V-230491"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230491r792908_rule" weight="10.0" severity="low"><version>RHEL-08-040004</version><title>RHEL 8 must enable mitigations against processor-based vulnerabilities.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
 
ff1465
 Operating systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions).
ff1465
 
ff1465
@@ -4908,9 +4988,9 @@ $ sudo grubby --update-kernel=ALL --args="pti=on"
ff1465
 
ff1465
 Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
ff1465
 
ff1465
-GRUB_CMDLINE_LINUX="pti=on"</fixtext><fix id="F-33135r568220_fix" /><check system="C-33160r568219_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables kernel page-table isolation with the following commands:
ff1465
+GRUB_CMDLINE_LINUX="pti=on"</fixtext><fix id="F-33135r568220_fix" /><check system="C-33160r792907_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables kernel page-table isolation with the following commands:
ff1465
 
ff1465
-$ sudo grub2-editenv - list | grep pti
ff1465
+$ sudo grub2-editenv list | grep pti
ff1465
 
ff1465
 kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 audit=1 audit_backlog_limit=8192 pti=on boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
ff1465
 
ff1465
@@ -4987,22 +5067,22 @@ $ sudo dmesg | grep -i video
ff1465
 [ 47.235752] usbcore: registered new interface driver uvcvideo
ff1465
 [ 47.235756] USB Video Class driver (1.1.1)
ff1465
 
ff1465
-If the camera driver blacklist is missing, a camera driver is determined to be in use, and the collaborative computing device has not been authorized for use, this is a finding.</check-content></check></Rule></Group><Group id="V-230494"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230494r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040021</version><title>RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+If the camera driver blacklist is missing, a camera driver is determined to be in use, and the collaborative computing device has not been authorized for use, this is a finding.</check-content></check></Rule></Group><Group id="V-230494"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230494r792911_rule" weight="10.0" severity="low"><version>RHEL-08-040021</version><title>RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
 
ff1465
 Failing to disconnect unused protocols can result in a system compromise.
ff1465
 
ff1465
-The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data link, and physical layers, based on virtual circuits and virtual paths. Disabling ATM protects the system against exploitation of any laws in its implementation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33138r568229_fix">Configure the operating system to disable the ability to use the ATM protocol kernel module.
ff1465
+The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data link, and physical layers, based on virtual circuits and virtual paths. Disabling ATM protects the system against exploitation of any laws in its implementation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33138r792910_fix">Configure the operating system to disable the ability to use the ATM protocol kernel module.
ff1465
 
ff1465
 Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
ff1465
 
ff1465
-install ATM /bin/true
ff1465
-blacklist ATM
ff1465
+install atm /bin/true
ff1465
+blacklist atm
ff1465
 
ff1465
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33138r568229_fix" /><check system="C-33163r568228_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the ATM protocol kernel module.
ff1465
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33138r792910_fix" /><check system="C-33163r792909_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the ATM protocol kernel module.
ff1465
 
ff1465
-$ sudo grep -ri ATM /etc/modprobe.d/* | grep -i "/bin/true"
ff1465
+$ sudo grep -r atm /etc/modprobe.d/* | grep "/bin/true"
ff1465
 
ff1465
-install ATM /bin/true
ff1465
+install atm /bin/true
ff1465
 
ff1465
 If the command does not return any output, or the line is commented out, and use of the ATM protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
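Review bot: The new check `sudo grep -r atm /etc/modprobe.d/* | grep "/bin/true"` is an unanchored substring match, so it also prints commented-out lines and lines for other modules whose name merely contains `atm`, leaving the reader to spot the difference. Anchoring it, e.g. `grep -rE '^[[:space:]]*install[[:space:]]+atm[[:space:]]' /etc/modprobe.d/`, would make an empty result mean what the finding statement says. The same pattern recurs in the CAN, SCTP, TIPC, cramfs and firewire-core hunks that follow. There `can` is short enough to match ordinary words in comments, and `firewire-core` will not match a `firewire_core` line even though modprobe treats `-` and `_` as equivalent in module names. Dropping `-i` also means hosts configured from the earlier uppercase text (`install ATM /bin/true`) now return no output and must be re-remediated with the lowercase lines.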
ff1465
 
ff1465
@@ -5010,26 +5090,26 @@ Verify the operating system disables the ability to use the ATM protocol.
ff1465
 
ff1465
 Check to see if the ATM protocol is disabled with the following command:
ff1465
 
ff1465
-$ sudo grep -ri ATM /etc/modprobe.d/* | grep -i "blacklist"
ff1465
+$ sudo grep -r atm /etc/modprobe.d/* | grep "blacklist"
ff1465
 
ff1465
-blacklist ATM
ff1465
+blacklist atm
ff1465
 
ff1465
-If the command does not return any output or the output is not "blacklist atm", and use of the ATM protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230495"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230495r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040022</version><title>RHEL 8 must disable the controller area network (CAN) protocol.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+If the command does not return any output or the output is not "blacklist atm", and use of the ATM protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230495"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230495r792914_rule" weight="10.0" severity="low"><version>RHEL-08-040022</version><title>RHEL 8 must disable the controller area network (CAN) protocol.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
 
ff1465
 Failing to disconnect unused protocols can result in a system compromise.
ff1465
 
ff1465
-The Controller Area Network (CAN) is a serial communications protocol, which was initially developed for automotive and is now also used in marine, industrial, and medical applications. Disabling CAN protects the system against exploitation of any flaws in its implementation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33139r568232_fix">Configure the operating system to disable the ability to use the CAN protocol kernel module.
ff1465
+The Controller Area Network (CAN) is a serial communications protocol, which was initially developed for automotive and is now also used in marine, industrial, and medical applications. Disabling CAN protects the system against exploitation of any flaws in its implementation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33139r792913_fix">Configure the operating system to disable the ability to use the CAN protocol kernel module.
ff1465
 
ff1465
 Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
ff1465
 
ff1465
-install CAN /bin/true
ff1465
-blacklist CAN
ff1465
+install can /bin/true
ff1465
+blacklist can
ff1465
 
ff1465
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33139r568232_fix" /><check system="C-33164r568231_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the CAN protocol kernel module.
ff1465
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33139r792913_fix" /><check system="C-33164r792912_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the CAN protocol kernel module.
ff1465
 
ff1465
-$ sudo grep -ri CAN /etc/modprobe.d/* | grep -i "/bin/true"
ff1465
+$ sudo grep -r can /etc/modprobe.d/* | grep "/bin/true"
ff1465
 
ff1465
-install CAN /bin/true
ff1465
+install can /bin/true
ff1465
 
ff1465
 If the command does not return any output, or the line is commented out, and use of the CAN protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
ff1465
 
ff1465
@@ -5037,26 +5117,26 @@ Verify the operating system disables the ability to use the CAN protocol.
ff1465
 
ff1465
 Check to see if the CAN protocol is disabled with the following command:
ff1465
 
ff1465
-$ sudo grep -ri CAN /etc/modprobe.d/* | grep -i "blacklist"
ff1465
+$ sudo grep -r can /etc/modprobe.d/* | grep "blacklist"
ff1465
 
ff1465
-blacklist CAN
ff1465
+blacklist can
ff1465
 
ff1465
-If the command does not return any output or the output is not "blacklist CAN", and use of the CAN protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230496"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230496r744017_rule" weight="10.0" severity="low"><version>RHEL-08-040023</version><title>RHEL 8 must disable the stream control transmission protocol (SCTP).</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+If the command does not return any output or the output is not "blacklist can", and use of the CAN protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230496"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230496r792917_rule" weight="10.0" severity="low"><version>RHEL-08-040023</version><title>RHEL 8 must disable the stream control transmission protocol (SCTP).</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
 
ff1465
 Failing to disconnect unused protocols can result in a system compromise.
ff1465
 
ff1465
-The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, designed to support the idea of message-oriented communication, with several streams of messages within one connection. Disabling SCTP protects the system against exploitation of any flaws in its implementation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33140r744016_fix">Configure the operating system to disable the ability to use the SCTP kernel module.
ff1465
+The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, designed to support the idea of message-oriented communication, with several streams of messages within one connection. Disabling SCTP protects the system against exploitation of any flaws in its implementation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33140r792916_fix">Configure the operating system to disable the ability to use the SCTP kernel module.
ff1465
 
ff1465
 Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
ff1465
 
ff1465
-install SCTP /bin/true
ff1465
-blacklist SCTP
ff1465
+install sctp /bin/true
ff1465
+blacklist sctp
ff1465
 
ff1465
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33140r744016_fix" /><check system="C-33165r744015_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the SCTP kernel module.
ff1465
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33140r792916_fix" /><check system="C-33165r792915_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the SCTP kernel module.
ff1465
 
ff1465
-$ sudo grep -ri SCTP /etc/modprobe.d/* | grep -i "/bin/true"
ff1465
+$ sudo grep -r sctp /etc/modprobe.d/* | grep "/bin/true"
ff1465
 
ff1465
-install SCTP /bin/true
ff1465
+install sctp /bin/true
ff1465
 
ff1465
 If the command does not return any output, or the line is commented out, and use of the SCTP is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
ff1465
 
ff1465
@@ -5064,26 +5144,26 @@ Verify the operating system disables the ability to use the SCTP.
ff1465
 
ff1465
 Check to see if the SCTP is disabled with the following command:
ff1465
 
ff1465
-$ sudo grep -ri SCTP /etc/modprobe.d/* | grep -i "blacklist"
ff1465
+$ sudo grep -r sctp /etc/modprobe.d/* | grep "blacklist"
ff1465
 
ff1465
-blacklist SCTP
ff1465
+blacklist sctp
ff1465
 
ff1465
-If the command does not return any output or the output is not "blacklist SCTP", and use of the SCTP is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230497"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230497r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040024</version><title>RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+If the command does not return any output or the output is not "blacklist sctp", and use of the SCTP is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230497"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230497r792920_rule" weight="10.0" severity="low"><version>RHEL-08-040024</version><title>RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
 
ff1465
 Failing to disconnect unused protocols can result in a system compromise.
ff1465
 
ff1465
-The Transparent Inter-Process Communication (TIPC) protocol is designed to provide communications between nodes in a cluster. Disabling TIPC protects the system against exploitation of any flaws in its implementation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33141r568238_fix">Configure the operating system to disable the ability to use the TIPC protocol kernel module.
ff1465
+The Transparent Inter-Process Communication (TIPC) protocol is designed to provide communications between nodes in a cluster. Disabling TIPC protects the system against exploitation of any flaws in its implementation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33141r792919_fix">Configure the operating system to disable the ability to use the TIPC protocol kernel module.
ff1465
 
ff1465
 Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
ff1465
 
ff1465
-install TIPC /bin/true
ff1465
-blacklist TIPC
ff1465
+install tipc /bin/true
ff1465
+blacklist tipc
ff1465
 
ff1465
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33141r568238_fix" /><check system="C-33166r568237_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the TIPC protocol kernel module.
ff1465
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33141r792919_fix" /><check system="C-33166r792918_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the TIPC protocol kernel module.
ff1465
 
ff1465
-$ sudo grep -ri TIPC /etc/modprobe.d/* | grep -i "/bin/true"
ff1465
+$ sudo grep -r tipc /etc/modprobe.d/* | grep "/bin/true"
ff1465
 
ff1465
-install TIPC /bin/true
ff1465
+install tipc /bin/true
ff1465
 
ff1465
 If the command does not return any output, or the line is commented out, and use of the TIPC protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
ff1465
 
ff1465
@@ -5091,11 +5171,11 @@ Verify the operating system disables the ability to use the TIPC protocol.
ff1465
 
ff1465
 Check to see if the TIPC protocol is disabled with the following command:
ff1465
 
ff1465
-$ sudo grep -ri TIPC /etc/modprobe.d/* | grep -i "blacklist"
ff1465
+$ sudo grep -r tipc /etc/modprobe.d/* | grep "blacklist"
ff1465
 
ff1465
-blacklist TIPC
ff1465
+blacklist tipc
ff1465
 
ff1465
-If the command does not return any output or the output is not "blacklist TIPC", and use of the TIPC protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230498"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230498r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040025</version><title>RHEL 8 must disable mounting of cramfs.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+If the command does not return any output or the output is not "blacklist tipc", and use of the TIPC protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230498"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230498r792922_rule" weight="10.0" severity="low"><version>RHEL-08-040025</version><title>RHEL 8 must disable mounting of cramfs.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
 
ff1465
 Removing support for unneeded filesystem types reduces the local attack surface of the server.
ff1465
 
ff1465
@@ -5106,9 +5186,9 @@ Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
ff1465
 install cramfs /bin/true
ff1465
 blacklist cramfs
ff1465
 
ff1465
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33142r568241_fix" /><check system="C-33167r568240_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the cramfs kernel module.
ff1465
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33142r568241_fix" /><check system="C-33167r792921_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the cramfs kernel module.
ff1465
 
ff1465
-$ sudo grep -ri cramfs /etc/modprobe.d/* | grep -i "/bin/true"
ff1465
+$ sudo grep -r cramfs /etc/modprobe.d/* | grep "/bin/true"
ff1465
 
ff1465
 install cramfs /bin/true
ff1465
 
ff1465
@@ -5118,11 +5198,11 @@ Verify the operating system disables the ability to use the cramfs kernel module
ff1465
 
ff1465
 Check to see if the cramfs kernel module is disabled with the following command:
ff1465
 
ff1465
-$ sudo grep -ri cramfs /etc/modprobe.d/* | grep -i "blacklist"
ff1465
+$ sudo grep -r cramfs /etc/modprobe.d/* | grep "blacklist"
ff1465
 
ff1465
 blacklist cramfs
ff1465
 
ff1465
-If the command does not return any output or the output is not "blacklist cramfs", and use of the cramfs kernel module is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230499"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230499r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040026</version><title>RHEL 8 must disable IEEE 1394 (FireWire) Support.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+If the command does not return any output or the output is not "blacklist cramfs", and use of the cramfs kernel module is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230499"><title>SRG-OS-000095-GPOS-00049</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230499r792924_rule" weight="10.0" severity="low"><version>RHEL-08-040026</version><title>RHEL 8 must disable IEEE 1394 (FireWire) Support.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
 
ff1465
 The IEEE 1394 (FireWire) is a serial bus standard for high-speed real-time communication. Disabling FireWire protects the system against exploitation of any flaws in its implementation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33143r568244_fix">Configure the operating system to disable the ability to use the firewire-core kernel module.
ff1465
 
ff1465
@@ -5131,9 +5211,9 @@ Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
ff1465
 install firewire-core /bin/true
ff1465
 blacklist firewire-core
ff1465
 
ff1465
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33143r568244_fix" /><check system="C-33168r568243_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the firewire-core kernel module.
ff1465
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33143r568244_fix" /><check system="C-33168r792923_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the firewire-core kernel module.
ff1465
 
ff1465
-$ sudo grep -ri firewire-core /etc/modprobe.d/* | grep -i "/bin/true"
ff1465
+$ sudo grep -r firewire-core /etc/modprobe.d/* | grep "/bin/true"
ff1465
 
ff1465
 install firewire-core /bin/true
ff1465
 
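Review bot: The reworded check `grep -r firewire-core /etc/modprobe.d/* | grep "/bin/true"` still matches any line that merely contains both strings, so a commented-out `#install firewire-core /bin/true` prints the expected-looking output. An effective entry spelled `firewire_core` prints nothing, because modprobe treats `-` and `_` in module names as interchangeable. The `grep "blacklist"` command in the next hunk has the same weakness. If this text is a verbatim copy of the upstream benchmark it should stay as published, but the automated check for the rule should anchor on the directive, for example `grep -rE '^\s*install\s+firewire[-_]core\s+/bin/true' /etc/modprobe.d/`. The finding clause of this check-content lies outside the hunk.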
ff1465
@@ -5143,7 +5223,7 @@ Verify the operating system disables the ability to use the firewire-core kernel
ff1465
 
ff1465
 Check to see if the firewire-core kernel module is disabled with the following command:
ff1465
 
ff1465
-$ sudo grep -ri firewire-core /etc/modprobe.d/* | grep -i "blacklist"
ff1465
+$ sudo grep -r firewire-core /etc/modprobe.d/* | grep "blacklist"
ff1465
 
ff1465
 blacklist firewire-core
ff1465
 
ff1465
@@ -5543,65 +5623,65 @@ $ sudo cat /etc/fstab | grep /var/log/audit
ff1465
 
ff1465
 /dev/mapper/rhel-var-log-audit /var/log/audit xfs defaults,nodev,nosuid,noexec 0 0
ff1465
 
ff1465
-If results are returned and the "noexec" option is missing, or if /var/log/audit is mounted without the "noexec" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230520"><title>SRG-OS-000368-GPOS-00154</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230520r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040132</version><title>RHEL 8 must mount /var/tmp with the nodev option.</title><description><VulnDiscussion>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
ff1465
-
ff1465
-The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
-
ff1465
-The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
-
ff1465
-The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33164r568307_fix">Configure the system so that /var/tmp is mounted with the "nodev" option by adding /modifying the /etc/fstab with the following line:
ff1465
+If results are returned and the "noexec" option is missing, or if /var/log/audit is mounted without the "noexec" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230520"><title>SRG-OS-000368-GPOS-00154</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230520r792927_rule" weight="10.0" severity="medium"><version>RHEL-08-040132</version><title>RHEL 8 must mount /var/tmp with the nodev option.</title><description><VulnDiscussion>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
ff1465
+
ff1465
+The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
+
ff1465
+The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
+
ff1465
+The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33164r792926_fix">Configure the system so that /var/tmp is mounted with the "nodev" option by adding /modifying the /etc/fstab with the following line:
ff1465
 
ff1465
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33164r568307_fix" /><check system="C-33189r568306_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "nodev" option:
ff1465
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33164r792926_fix" /><check system="C-33189r792925_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "nodev" option:
ff1465
 
ff1465
 $ sudo mount | grep /var/tmp
ff1465
 
ff1465
-/dev/mapper/rhel-var-log-audit on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
ff1465
+/dev/mapper/rhel-var-tmp on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
ff1465
 
ff1465
 Verify that the "nodev" option is configured for /var/tmp:
ff1465
 
ff1465
 $ sudo cat /etc/fstab | grep /var/tmp
ff1465
 
ff1465
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
ff1465
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
ff1465
 
ff1465
-If results are returned and the "nodev" option is missing, or if /var/tmp is mounted without the "nodev" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230521"><title>SRG-OS-000368-GPOS-00154</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230521r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040133</version><title>RHEL 8 must mount /var/tmp with the nosuid option.</title><description><VulnDiscussion>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
ff1465
-
ff1465
-The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
-
ff1465
-The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
-
ff1465
-The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33165r568310_fix">Configure the system so that /var/tmp is mounted with the "nosuid" option by adding /modifying the /etc/fstab with the following line:
ff1465
+If results are returned and the "nodev" option is missing, or if /var/tmp is mounted without the "nodev" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230521"><title>SRG-OS-000368-GPOS-00154</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230521r792930_rule" weight="10.0" severity="medium"><version>RHEL-08-040133</version><title>RHEL 8 must mount /var/tmp with the nosuid option.</title><description><VulnDiscussion>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
ff1465
+
ff1465
+The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
+
ff1465
+The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
+
ff1465
+The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33165r792929_fix">Configure the system so that /var/tmp is mounted with the "nosuid" option by adding /modifying the /etc/fstab with the following line:
ff1465
 
ff1465
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33165r568310_fix" /><check system="C-33190r568309_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "nosuid" option:
ff1465
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33165r792929_fix" /><check system="C-33190r792928_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "nosuid" option:
ff1465
 
ff1465
 $ sudo mount | grep /var/tmp
ff1465
 
ff1465
-/dev/mapper/rhel-var-log-audit on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
ff1465
+/dev/mapper/rhel-var-tmp on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
ff1465
 
ff1465
 Verify that the "nosuid" option is configured for /var/tmp:
ff1465
 
ff1465
 $ sudo cat /etc/fstab | grep /var/tmp
ff1465
 
ff1465
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
ff1465
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
ff1465
 
ff1465
-If results are returned and the "nosuid" option is missing, or if /var/tmp is mounted without the "nosuid" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230522"><title>SRG-OS-000368-GPOS-00154</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230522r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040134</version><title>RHEL 8 must mount /var/tmp with the noexec option.</title><description><VulnDiscussion>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
ff1465
-
ff1465
-The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
-
ff1465
-The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
-
ff1465
-The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33166r568313_fix">Configure the system so that /var/tmp is mounted with the "noexec" option by adding /modifying the /etc/fstab with the following line:
ff1465
+If results are returned and the "nosuid" option is missing, or if /var/tmp is mounted without the "nosuid" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230522"><title>SRG-OS-000368-GPOS-00154</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230522r792933_rule" weight="10.0" severity="medium"><version>RHEL-08-040134</version><title>RHEL 8 must mount /var/tmp with the noexec option.</title><description><VulnDiscussion>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
ff1465
+
ff1465
+The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
+
ff1465
+The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
ff1465
 
ff1465
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33166r568313_fix" /><check system="C-33191r568312_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "noexec" option:
ff1465
+The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33166r792932_fix">Configure the system so that /var/tmp is mounted with the "noexec" option by adding /modifying the /etc/fstab with the following line:
ff1465
+
ff1465
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33166r792932_fix" /><check system="C-33191r792931_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "noexec" option:
ff1465
 
ff1465
 $ sudo mount | grep /var/tmp
ff1465
 
ff1465
-/dev/mapper/rhel-var-log-audit on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
ff1465
+/dev/mapper/rhel-var-tmp on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
ff1465
 
ff1465
 Verify that the "noexec" option is configured for /var/tmp:
ff1465
 
ff1465
 $ sudo cat /etc/fstab | grep /var/tmp
ff1465
 
ff1465
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
ff1465
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
ff1465
 
ff1465
 If results are returned and the "noexec" option is missing, or if /var/tmp is mounted without the "noexec" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230523"><title>SRG-OS-000368-GPOS-00154</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230523r744023_rule" weight="10.0" severity="medium"><version>RHEL-08-040135</version><title>The RHEL 8 fapolicy module must be installed.</title><description><VulnDiscussion>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
ff1465
 
ff1465
@@ -5774,13 +5854,25 @@ If the account is associated with system commands or applications, the UID shoul
ff1465
 
ff1465
 $ sudo awk -F: '$3 == 0 {print $1}' /etc/passwd
ff1465
 
ff1465
-If any accounts other than root have a UID of "0", this is a finding.</check-content></check></Rule></Group><Group id="V-230535"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230535r744035_rule" weight="10.0" severity="medium"><version>RHEL-08-040210</version><title>RHEL 8 must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33179r744034_fix">Configure RHEL 8 to prevent IPv6 ICMP redirect messages from being accepted with the following command:
ff1465
+If any accounts other than root have a UID of "0", this is a finding.</check-content></check></Rule></Group><Group id="V-230535"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230535r792936_rule" weight="10.0" severity="medium"><version>RHEL-08-040210</version><title>RHEL 8 must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33179r792935_fix">Configure RHEL 8 to prevent IPv6 ICMP redirect messages from being accepted.
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv6.conf.default.accept_redirects=0
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+net.ipv6.conf.default.accept_redirects = 0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
 
ff1465
-net.ipv6.conf.default.accept_redirects=0</fixtext><fix id="F-33179r744034_fix" /><check system="C-33204r744033_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 will not accept IPv6 ICMP redirect messages.
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33179r792935_fix" /><check system="C-33204r792934_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 will not accept IPv6 ICMP redirect messages.
ff1465
 
ff1465
 Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
ff1465
 
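Review bot: The added VulnDiscussion sentence that a file beginning with "99-" in "/etc/sysctl.d/" takes precedence over any other configuration file does not follow from the ordering rule stated just before it. Files are sorted lexicographically by name across all listed directories, so any name that sorts after the chosen file (`99-zz.conf` after `99-sysctl.conf`, say) is applied later and wins. "/etc/sysctl.conf" is in the same list, and as far as I know `sysctl --system` applies it after the `.d` files. The paragraph is repeated for RHEL-08-040220 in the next hunk. Where the project writes its own rule description or remediation from this text, I would add a caveat such as `A later-sorting file name, or /etc/sysctl.conf, can still override this value.`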
ff1465
@@ -5790,15 +5882,37 @@ $ sudo sysctl net.ipv6.conf.default.accept_redirects
ff1465
 
ff1465
 net.ipv6.conf.default.accept_redirects = 0
ff1465
 
ff1465
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230536"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230536r744037_rule" weight="10.0" severity="medium"><version>RHEL-08-040220</version><title>RHEL 8 must not send Internet Control Message Protocol (ICMP) redirects.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
ff1465
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv6.conf.default.accept_redirects /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.default.accept_redirects = 0
ff1465
 
ff1465
-There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). There is only a directive to disable sending of IPv4 redirected packets. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33180r568355_fix">Configure RHEL 8 to not allow interfaces to perform IPv4 ICMP redirects with the following command:
ff1465
+If "net.ipv6.conf.default.accept_redirects" is not set to "0", is missing or commented out, this is a finding.
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv4.conf.all.send_redirects=0
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230536"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230536r792939_rule" weight="10.0" severity="medium"><version>RHEL-08-040220</version><title>RHEL 8 must not send Internet Control Message Protocol (ICMP) redirects.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). There is only a directive to disable sending of IPv4 redirected packets. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.
ff1465
 
ff1465
-net.ipv4.conf.all.send_redirects=0</fixtext><fix id="F-33180r568355_fix" /><check system="C-33205r744036_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not IPv4 ICMP redirect messages.
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33180r792938_fix">Configure RHEL 8 to not allow interfaces to perform IPv4 ICMP redirects.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
+
ff1465
+net.ipv4.conf.all.send_redirects=0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33180r792938_fix" /><check system="C-33205r792937_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not IPv4 ICMP redirect messages.
ff1465
 
ff1465
 Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
ff1465
 
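Review bot: The added verification `grep -r net.ipv6.conf.default.accept_redirects /etc/sysctl.d/*.conf` inspects only one of the six locations the VulnDiscussion lists. A conflicting assignment in "/run/sysctl.d/", "/usr/lib/sysctl.d/" or "/etc/sysctl.conf" is therefore never shown to the assessor, even though it can decide the value applied at load time. Searching every location closes that gap: `$ sudo grep -rF net.ipv6.conf.default.accept_redirects /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf`, with a finding when any file carries a value other than "0". The `-F` stops the dots in the key from acting as regex wildcards. The check-content for RHEL-08-040220 that begins in this hunk continues in the next one.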
ff1465
@@ -5808,30 +5922,74 @@ $ sudo sysctl net.ipv4.conf.all.send_redirects
ff1465
 
ff1465
 net.ipv4.conf.all.send_redirects = 0
ff1465
 
ff1465
-If the returned line does not have a value of "0", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230537"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230537r744039_rule" weight="10.0" severity="medium"><version>RHEL-08-040230</version><title>RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title><description><VulnDiscussion>Responding to broadcast ICMP echoes facilitates network mapping and provides a vector for amplification attacks.
ff1465
+If the returned line does not have a value of "0", or a line is not returned, this is a finding.
ff1465
 
ff1465
-There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). IPv6 does not implement the same method of broadcast as IPv4. Instead, IPv6 uses multicast addressing to the all-hosts multicast group. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33181r568358_fix">Configure RHEL 8 to not respond to IPv4 ICMP echoes sent to a broadcast address with the following command:
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
ff1465
+$ sudo grep -r net.ipv4.conf.all.send_redirects /etc/sysctl.d/*.conf
ff1465
 
ff1465
-If "1" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.send_redirects = 0
ff1465
 
ff1465
-net.ipv4.icmp_echo_ignore_broadcasts=1</fixtext><fix id="F-33181r568358_fix" /><check system="C-33206r744038_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not respond to ICMP echoes sent to a broadcast address.
ff1465
+If "net.ipv4.conf.all.send_redirects" is not set to "0", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230537"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230537r792942_rule" weight="10.0" severity="medium"><version>RHEL-08-040230</version><title>RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title><description><VulnDiscussion>Responding to broadcast ICMP echoes facilitates network mapping and provides a vector for amplification attacks.
ff1465
+
ff1465
+There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). IPv6 does not implement the same method of broadcast as IPv4. Instead, IPv6 uses multicast addressing to the all-hosts multicast group. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33181r792941_fix">Configure RHEL 8 to not respond to IPv4 ICMP echoes sent to a broadcast address.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
+
ff1465
+net.ipv4.icmp_echo_ignore_broadcasts=1
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33181r792941_fix" /><check system="C-33206r792940_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not respond to ICMP echoes sent to a broadcast address.
ff1465
 
ff1465
 Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
ff1465
+
ff1465
 Check the value of the "icmp_echo_ignore_broadcasts" variable with the following command:
ff1465
 
ff1465
 $ sudo sysctl net.ipv4.icmp_echo_ignore_broadcasts
ff1465
 
ff1465
 net.ipv4.icmp_echo_ignore_broadcasts = 1
ff1465
 
ff1465
-If the returned line does not have a value of "1", a line is not returned, or the retuned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230538"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230538r744042_rule" weight="10.0" severity="medium"><version>RHEL-08-040240</version><title>RHEL 8 must not forward IPv6 source-routed packets.</title><description><VulnDiscussion>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33182r744041_fix">Configure RHEL 8 to not forward IPv6 source-routed packets with the following command:
ff1465
+If the returned line does not have a value of "1", a line is not returned, or the retuned line is commented out, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv4.icmp_echo_ignore_broadcasts /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.icmp_echo_ignore_broadcasts = 1
ff1465
+
ff1465
+If "net.ipv4.icmp_echo_ignore_broadcasts" is not set to "1", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230538"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230538r792945_rule" weight="10.0" severity="medium"><version>RHEL-08-040240</version><title>RHEL 8 must not forward IPv6 source-routed packets.</title><description><VulnDiscussion>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33182r792944_fix">Configure RHEL 8 to not forward IPv6 source-routed packets.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv6.conf.all.accept_source_route=0
ff1465
+net.ipv6.conf.all.accept_source_route=0
ff1465
 
ff1465
-If "0" is not the system's all value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+Load settings from all system configuration files with the following command:
ff1465
 
ff1465
-net.ipv6.conf.all.accept_source_route=0</fixtext><fix id="F-33182r744041_fix" /><check system="C-33207r744040_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv6 source-routed packets.
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33182r792944_fix" /><check system="C-33207r792943_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv6 source-routed packets.
ff1465
 
ff1465
 Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
ff1465
 
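Review bot: The added check-content for `net.ipv4.conf.all.send_redirects` and `net.ipv4.icmp_echo_ignore_broadcasts` greps only `/etc/sysctl.d/*.conf`, so a conflicting assignment in any other location the new VulnDiscussion lists is never seen. The claim that a "99-" file in "/etc/sysctl.d/" takes precedence over any other configuration file also does not follow from that list: it ends with `/etc/sysctl.conf`, which procps applies after the sorted sysctl.d files, and a later-sorting name (a constructed example: `99-zz-local.conf`) would still override `99-sysctl.conf`. I would widen the check to every listed path, e.g. `$ sudo grep -r net.ipv4.conf.all.send_redirects /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf`, and treat any conflicting value as a finding. The same wording recurs in the hunks at -5841 and -5857. If this file is the upstream DISA manual carried verbatim, leave the text alone and make the project's own check and remediation cover all of these paths.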
ff1465
@@ -5841,13 +5999,35 @@ $ sudo sysctl net.ipv6.conf.all.accept_source_route
ff1465
 
ff1465
 net.ipv6.conf.all.accept_source_route = 0
ff1465
 
ff1465
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230539"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230539r744045_rule" weight="10.0" severity="medium"><version>RHEL-08-040250</version><title>RHEL 8 must not forward IPv6 source-routed packets by default.</title><description><VulnDiscussion>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33183r744044_fix">Configure RHEL 8 to not forward IPv6 source-routed packets by default with the following command:
ff1465
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv6.conf.all.accept_source_route /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.accept_source_route = 0
ff1465
+
ff1465
+If "net.ipv6.conf.all.accept_source_route" is not set to "0", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230539"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230539r792948_rule" weight="10.0" severity="medium"><version>RHEL-08-040250</version><title>RHEL 8 must not forward IPv6 source-routed packets by default.</title><description><VulnDiscussion>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv6.conf.default.accept_source_route=0
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33183r792947_fix">Configure RHEL 8 to not forward IPv6 source-routed packets by default.
ff1465
 
ff1465
-net.ipv6.conf.default.accept_source_route=0</fixtext><fix id="F-33183r744044_fix" /><check system="C-33208r744043_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv6 source-routed packets by default.
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
+
ff1465
+net.ipv6.conf.default.accept_source_route=0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33183r792947_fix" /><check system="C-33208r792946_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv6 source-routed packets by default.
ff1465
 
ff1465
 Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
ff1465
 
ff1465
@@ -5857,39 +6037,75 @@ $ sudo sysctl net.ipv6.conf.default.accept_source_route
ff1465
 
ff1465
 net.ipv6.conf.default.accept_source_route = 0
ff1465
 
ff1465
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230540"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230540r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040260</version><title>RHEL 8 must not be performing packet forwarding unless the system is a router.</title><description><VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33184r568367_fix">Configure RHEL 8 to not allow packet forwarding, unless the system is a router with the following commands:
ff1465
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv4.ip_forward=0
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv6.conf.all.forwarding=0
ff1465
+$ sudo grep -r net.ipv6.conf.default.accept_source_route /etc/sysctl.d/*.conf
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following lines in the appropriate file under "/etc/sysctl.d":
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.default.accept_source_route = 0
ff1465
 
ff1465
-net.ipv4.ip_forward=0
ff1465
+If "net.ipv6.conf.default.accept_source_route" is not set to "0", is missing or commented out, this is a finding.
ff1465
 
ff1465
-net.ipv6.conf.all.forwarding=0</fixtext><fix id="F-33184r568367_fix" /><check system="C-33209r568366_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 is not performing packet forwarding, unless the system is a router.
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230540"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230540r792951_rule" weight="10.0" severity="medium"><version>RHEL-08-040260</version><title>RHEL 8 must not enable IPv6 packet forwarding unless the system is a router.</title><description><VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
ff1465
 
ff1465
-Note: If either IPv4 or IPv6 is disabled on the system, this requirement only applies to the active internet protocol version.
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
 
ff1465
-Check to see if IP forwarding is enabled using the following commands:
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33184r792950_fix">Configure RHEL 8 to not allow IPv6 packet forwarding, unless the system is a router.
ff1465
 
ff1465
-$ sudo sysctl  net.ipv4.ip_forward
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
-net.ipv4.ip_forward = 0
ff1465
+net.ipv6.conf.all.forwarding=0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33184r792950_fix" /><check system="C-33209r792949_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 is not performing IPv6 packet forwarding, unless the system is a router.
ff1465
+
ff1465
+Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
ff1465
+
ff1465
+Check that IPv6 forwarding is disabled using the following commands:
ff1465
 
ff1465
 $ sudo sysctl net.ipv6.conf.all.forwarding
ff1465
 
ff1465
 net.ipv6.conf.all.forwarding = 0
ff1465
 
ff1465
-If IP forwarding value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230541"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230541r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040261</version><title>RHEL 8 must not accept router advertisements on all IPv6 interfaces.</title><description><VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
ff1465
+If the IPv6 forwarding value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv6.conf.all.forwarding /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.forwarding = 0
ff1465
+
ff1465
+If "net.ipv6.conf.all.forwarding" is not set to "0", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230541"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230541r792954_rule" weight="10.0" severity="medium"><version>RHEL-08-040261</version><title>RHEL 8 must not accept router advertisements on all IPv6 interfaces.</title><description><VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
ff1465
+
ff1465
+An illicit router advertisement message could result in a man-in-the-middle attack.
ff1465
 
ff1465
-An illicit router advertisement message could result in a man-in-the-middle attack.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33185r568370_fix">Configure RHEL 8 to not accept router advertisements on all IPv6 interfaces unless the system is a router with the following commands:
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv6.conf.all.accept_ra=0
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33185r792953_fix">Configure RHEL 8 to not accept router advertisements on all IPv6 interfaces unless the system is a router.
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following lines in the appropriate file under "/etc/sysctl.d":
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
-net.ipv6.conf.all.accept_ra=0</fixtext><fix id="F-33185r568370_fix" /><check system="C-33210r568369_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept router advertisements on all IPv6 interfaces, unless the system is a router.
ff1465
+net.ipv6.conf.all.accept_ra=0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33185r792953_fix" /><check system="C-33210r792952_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept router advertisements on all IPv6 interfaces, unless the system is a router.
ff1465
 
ff1465
 Note: If IPv6 is disabled on the system, this requirement is not applicable.
ff1465
 
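Review bot: RHEL-08-040260 is narrowed to IPv6 forwarding in this hunk: the `net.ipv4.ip_forward` fix and check lines are removed and nothing visible here replaces them. Confirm that IPv4 forwarding is carried by another rule in this benchmark revision and that the profile selects it, otherwise `net.ipv4.ip_forward` stops being assessed. The new check also adds "Note: If IPv6 is disabled on the system, this requirement is Not Applicable.", so a host with IPv6 disabled gets no forwarding assessment from this rule at all. The retained VulnDiscussion still describes routing protocol daemons rather than packet forwarding; the project's own rule rationale could say `Forwarding packets on a host that is not a router lets it relay traffic between networks it was not meant to bridge.`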
ff1465
@@ -5899,15 +6115,37 @@ $ sudo sysctl  net.ipv6.conf.all.accept_ra
ff1465
 
ff1465
 net.ipv6.conf.all.accept_ra = 0
ff1465
 
ff1465
-If the "accept_ra" value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230542"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230542r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040262</version><title>RHEL 8 must not accept router advertisements on all IPv6 interfaces by default.</title><description><VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
ff1465
+If the "accept_ra" value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv6.conf.all.accept_ra /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.accept_ra = 0
ff1465
 
ff1465
-An illicit router advertisement message could result in a man-in-the-middle attack.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33186r568373_fix">Configure RHEL 8 to not accept router advertisements on all IPv6 interfaces by default unless the system is a router with the following commands:
ff1465
+If "net.ipv6.conf.all.accept_ra" is not set to "0", is missing or commented out, this is a finding.
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv6.conf.default.accept_ra=0
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230542"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230542r792957_rule" weight="10.0" severity="medium"><version>RHEL-08-040262</version><title>RHEL 8 must not accept router advertisements on all IPv6 interfaces by default.</title><description><VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following lines in the appropriate file under "/etc/sysctl.d":
ff1465
+An illicit router advertisement message could result in a man-in-the-middle attack.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33186r792956_fix">Configure RHEL 8 to not accept router advertisements on all IPv6 interfaces by default unless the system is a router.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
+
ff1465
+net.ipv6.conf.default.accept_ra=0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
 
ff1465
-net.ipv6.conf.default.accept_ra=0</fixtext><fix id="F-33186r568373_fix" /><check system="C-33211r568372_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept router advertisements on all IPv6 interfaces by default, unless the system is a router.
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33186r792956_fix" /><check system="C-33211r792955_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept router advertisements on all IPv6 interfaces by default, unless the system is a router.
ff1465
 
ff1465
 Note: If IPv6 is disabled on the system, this requirement is not applicable.
ff1465
 
ff1465
@@ -5917,15 +6155,37 @@ $ sudo sysctl  net.ipv6.conf.default.accept_ra
ff1465
 
ff1465
 net.ipv6.conf.default.accept_ra = 0
ff1465
 
ff1465
-If the "accept_ra" value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230543"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230543r744047_rule" weight="10.0" severity="medium"><version>RHEL-08-040270</version><title>RHEL 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
ff1465
+If the "accept_ra" value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
ff1465
 
ff1465
-There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). There is only a directive to disable sending of IPv4 redirected packets. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33187r568376_fix">Configure RHEL 8 to not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default with the following command:
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv4.conf.default.send_redirects=0
ff1465
+$ sudo grep -r net.ipv6.conf.default.accept_ra /etc/sysctl.d/*.conf
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.default.accept_ra = 0
ff1465
 
ff1465
-net.ipv4.conf.default.send_redirects=0</fixtext><fix id="F-33187r568376_fix" /><check system="C-33212r744046_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
ff1465
+If "net.ipv6.conf.default.accept_ra" is not set to "0", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230543"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230543r792960_rule" weight="10.0" severity="medium"><version>RHEL-08-040270</version><title>RHEL 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
ff1465
+
ff1465
+There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). There is only a directive to disable sending of IPv4 redirected packets. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33187r792959_fix">Configure RHEL 8 to not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
+
ff1465
+net.ipv4.conf.default.send_redirects = 0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33187r792959_fix" /><check system="C-33212r792958_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
ff1465
 
ff1465
 Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
ff1465
 
ff1465
@@ -5935,13 +6195,35 @@ $ sudo sysctl net.ipv4.conf.default.send_redirects
ff1465
 
ff1465
 net.ipv4.conf.default.send_redirects=0
ff1465
 
ff1465
-If the returned line does not have a value of "0", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230544"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230544r744050_rule" weight="10.0" severity="medium"><version>RHEL-08-040280</version><title>RHEL 8 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33188r744049_fix">Configure RHEL 8 to ignore IPv6 ICMP redirect messages with the following command:
ff1465
+If the returned line does not have a value of "0", or a line is not returned, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv4.conf.default.send_redirects /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.default.send_redirects = 0
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0
ff1465
+If "net.ipv4.conf.default.send_redirects" is not set to "0", is missing or commented out, this is a finding.
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230544"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230544r792963_rule" weight="10.0" severity="medium"><version>RHEL-08-040280</version><title>RHEL 8 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
ff1465
 
ff1465
-net.ipv6.conf.all.accept_redirects = 0</fixtext><fix id="F-33188r744049_fix" /><check system="C-33213r744048_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 ignores IPv6 ICMP redirect messages.
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33188r792962_fix">Configure RHEL 8 to ignore IPv6 ICMP redirect messages.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
+
ff1465
+net.ipv6.conf.all.accept_redirects = 0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33188r792962_fix" /><check system="C-33213r792961_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 ignores IPv6 ICMP redirect messages.
ff1465
 
ff1465
 Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
ff1465
 
ff1465
@@ -5951,75 +6233,181 @@ $ sudo sysctl net.ipv6.conf.all.accept_redirects
ff1465
 
ff1465
 net.ipv6.conf.all.accept_redirects = 0
ff1465
 
ff1465
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230545"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230545r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040281</version><title>RHEL 8 must disable access to network bpf syscall from unprivileged processes.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33189r568382_fix">Configure RHEL 8 to prevent privilege escalation thru the kernel by disabling access to the bpf syscall by adding the following line to a file in the "/etc/sysctl.d" directory:
ff1465
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv6.conf.all.accept_redirects /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.accept_redirects = 0
ff1465
+
ff1465
+If "net.ipv6.conf.all.accept_redirects" is not set to "0", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230545"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230545r792966_rule" weight="10.0" severity="medium"><version>RHEL-08-040281</version><title>RHEL 8 must disable access to network bpf syscall from unprivileged processes.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33189r792965_fix">Configure RHEL 8 to prevent privilege escalation thru the kernel by disabling access to the bpf syscall by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
ff1465
 
ff1465
 kernel.unprivileged_bpf_disabled = 1
ff1465
 
ff1465
 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-33189r568382_fix" /><check system="C-33214r568381_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 prevents privilege escalation thru the kernel by disabling access to the bpf syscall with the following commands:
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33189r792965_fix" /><check system="C-33214r792964_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 prevents privilege escalation thru the kernel by disabling access to the bpf syscall with the following commands:
ff1465
 
ff1465
 $ sudo sysctl kernel.unprivileged_bpf_disabled
ff1465
 
ff1465
 kernel.unprivileged_bpf_disabled = 1
ff1465
 
ff1465
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230546"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230546r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040282</version><title>RHEL 8 must restrict usage of ptrace to descendant  processes.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33190r568385_fix">Configure RHEL 8 to restrict usage of ptrace to descendant processes by adding the following line to a file in the "/etc/sysctl.d" directory:
ff1465
+If the returned line does not have a value of "1", or a line is not returned, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r kernel.unprivileged_bpf_disabled /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: kernel.unprivileged_bpf_disabled = 1
ff1465
+
ff1465
+If "kernel.unprivileged_bpf_disabled" is not set to "1", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230546"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230546r792969_rule" weight="10.0" severity="medium"><version>RHEL-08-040282</version><title>RHEL 8 must restrict usage of ptrace to descendant  processes.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33190r792968_fix">Configure RHEL 8 to restrict usage of ptrace to descendant processes by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
ff1465
 
ff1465
 kernel.yama.ptrace_scope = 1
ff1465
 
ff1465
 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-33190r568385_fix" /><check system="C-33215r568384_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 restricts usage of ptrace to descendant processes with the following commands:
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33190r792968_fix" /><check system="C-33215r792967_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 restricts usage of ptrace to descendant processes with the following commands:
ff1465
 
ff1465
 $ sudo sysctl kernel.yama.ptrace_scope
ff1465
 
ff1465
 kernel.yama.ptrace_scope = 1
ff1465
 
ff1465
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230547"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230547r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040283</version><title>RHEL 8 must restrict exposed kernel pointer addresses access.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33191r568388_fix">Configure RHEL 8 to restrict exposed kernel pointer addresses access by adding the following line to a file in the "/etc/sysctl.d" directory:
ff1465
+If the returned line does not have a value of "1", or a line is not returned, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r kernel.yama.ptrace_scope /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: kernel.yama.ptrace_scope = 1
ff1465
+
ff1465
+If "kernel.yama.ptrace_scope" is not set to "1", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230547"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230547r792972_rule" weight="10.0" severity="medium"><version>RHEL-08-040283</version><title>RHEL 8 must restrict exposed kernel pointer addresses access.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33191r792971_fix">Configure RHEL 8 to restrict exposed kernel pointer addresses access by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
ff1465
 
ff1465
 kernel.kptr_restrict = 1
ff1465
 
ff1465
 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-33191r568388_fix" /><check system="C-33216r568387_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 restricts exposed kernel pointer addresses access with the following commands:
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33191r792971_fix" /><check system="C-33216r792970_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 restricts exposed kernel pointer addresses access with the following commands:
ff1465
 
ff1465
 $ sudo sysctl kernel.kptr_restrict
ff1465
 
ff1465
 kernel.kptr_restrict = 1
ff1465
 
ff1465
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230548"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230548r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040284</version><title>RHEL 8 must disable the use of user namespaces.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+If the returned line does not have a value of "1", or a line is not returned, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r kernel.kptr_restrict /etc/sysctl.d/*.conf
ff1465
 
ff1465
-User namespaces are used primarily for Linux container.  The value 0 disallows the use of user namespaces.  When containers are not in use, namespaces should be disallowed.  When containers are deployed on a system, the value should be set to a large non-zero value.  The default value is 7182.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33192r568391_fix">Configure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d" directory:
ff1465
+/etc/sysctl.d/99-sysctl.conf: kernel.kptr_restrict = 1
ff1465
 
ff1465
-Note: User namespaces are used primarily for Linux containers.  If containers are in use, this requirement is not applicable. 
ff1465
+If "kernel.kptr_restrict" is not set to "1", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230548"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230548r792975_rule" weight="10.0" severity="medium"><version>RHEL-08-040284</version><title>RHEL 8 must disable the use of user namespaces.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33192r792974_fix">Configure RHEL 8 to disable the use of user namespaces by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
ff1465
+
ff1465
+Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable. 
ff1465
 
ff1465
 user.max_user_namespaces = 0
ff1465
 
ff1465
 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-33192r568391_fix" /><check system="C-33217r568390_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 disables the use of user namespaces with the following commands:
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33192r792974_fix" /><check system="C-33217r792973_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 disables the use of user namespaces with the following commands:
ff1465
 
ff1465
-Note: User namespaces are used primarily for Linux containers.  If containers are in use, this requirement is not applicable.
ff1465
+Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.
ff1465
 
ff1465
 $ sudo sysctl user.max_user_namespaces
ff1465
 
ff1465
 user.max_user_namespaces = 0
ff1465
 
ff1465
-If the returned line does not have a value of "0", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230549"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230549r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040285</version><title>RHEL 8 must use reverse path filtering on all IPv4 interfaces.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+If the returned line does not have a value of "0", or a line is not returned, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r user.max_user_namespaces /etc/sysctl.d/*.conf
ff1465
 
ff1465
-Enabling reverse path filtering drops packets with source addresses that are not routable.  There is not an equivalent filter for IPv6 traffic.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33193r568394_fix">Configure RHEL 8 to use reverse path filtering on all IPv4 interfaces by adding the following line to a file in the "/etc/sysctl.d" directory:
ff1465
+/etc/sysctl.d/99-sysctl.conf: user.max_user_namespaces = 0
ff1465
+
ff1465
+If "user.max_user_namespaces" is not set to "0", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230549"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230549r792978_rule" weight="10.0" severity="medium"><version>RHEL-08-040285</version><title>RHEL 8 must use reverse path filtering on all IPv4 interfaces.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33193r792977_fix">Configure RHEL 8 to use reverse path filtering on all IPv4 interfaces by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
ff1465
 
ff1465
 net.ipv4.conf.all.rp_filter = 1
ff1465
 
ff1465
 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-33193r568394_fix" /><check system="C-33218r568393_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 uses reverse path filtering on all IPv4 interfaces with the following commands:
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-33193r792977_fix" /><check system="C-33218r792976_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 uses reverse path filtering on all IPv4 interfaces with the following commands:
ff1465
 
ff1465
 $ sudo sysctl net.ipv4.conf.all.rp_filter
ff1465
 
ff1465
 net.ipv4.conf.all.rp_filter = 1
ff1465
 
ff1465
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230550"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230550r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040290</version><title>RHEL 8 must be configured to prevent unrestricted mail relaying.</title><description><VulnDiscussion>If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33194r568397_fix">If "postfix" is installed, modify the "/etc/postfix/main.cf" file to restrict client connections to the local network with the following command:
ff1465
+If the returned line does not have a value of "1", or a line is not returned, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv4.conf.all.rp_filter /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.rp_filter = 1
ff1465
+
ff1465
+If "net.ipv4.conf.all.rp_filter" is not set to "1", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230550"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-230550r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040290</version><title>RHEL 8 must be configured to prevent unrestricted mail relaying.</title><description><VulnDiscussion>If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33194r568397_fix">If "postfix" is installed, modify the "/etc/postfix/main.cf" file to restrict client connections to the local network with the following command:
ff1465
 
ff1465
 $ sudo postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'</fixtext><fix id="F-33194r568397_fix" /><check system="C-33219r568396_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system is configured to prevent unrestricted mail relaying.
ff1465
 
ff1465
@@ -6237,7 +6625,7 @@ $ sudo egrep -i '(!rootpw|!targetpw|!runaspw)' /etc/sudoers /etc/sudoers.d/* | g
ff1465
 If no results are returned, this is a finding
ff1465
 If "Defaults !targetpw" is not defined, this is a finding.
ff1465
 If "Defaults !rootpw" is not defined, this is a finding.
ff1465
-If "Defaults !runaspw" is not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-237643"><title>SRG-OS-000373-GPOS-00156</title><description><GroupDescription></GroupDescription></description><Rule id="SV-237643r646899_rule" weight="10.0" severity="medium"><version>RHEL-08-010384</version><title>RHEL 8 must require re-authentication when using the "sudo" command.</title><description><VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization. 
ff1465
+If "Defaults !runaspw" is not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-237643"><title>SRG-OS-000373-GPOS-00156</title><description><GroupDescription></GroupDescription></description><Rule id="SV-237643r792980_rule" weight="10.0" severity="medium"><version>RHEL-08-010384</version><title>RHEL 8 must require re-authentication when using the "sudo" command.</title><description><VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization. 
ff1465
 
ff1465
 When operating systems provide the capability to escalate a functional capability, it is critical the organization requires the user to re-authenticate when using the "sudo" command.
ff1465
 
ff1465
@@ -6247,10 +6635,10 @@ $ sudo visudo
ff1465
 
ff1465
 Add or modify the following line:
ff1465
 Defaults timestamp_timeout=[value]
ff1465
-Note: The "[value]" must be a number that is greater than or equal to "0".</fixtext><fix id="F-40825r646898_fix" /><check system="C-40862r646897_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.
ff1465
+Note: The "[value]" must be a number that is greater than or equal to "0".</fixtext><fix id="F-40825r646898_fix" /><check system="C-40862r792979_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.
ff1465
 
ff1465
 $ sudo grep -i 'timestamp_timeout' /etc/sudoers /etc/sudoers.d/*
ff1465
-/etc/sudoers:Defaults timestamp_timout=0
ff1465
+/etc/sudoers:Defaults timestamp_timeout=0
ff1465
 
ff1465
 If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-244519"><title>SRG-OS-000023-GPOS-00006</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244519r743806_rule" weight="10.0" severity="medium"><version>RHEL-08-010049</version><title>RHEL 8 must display a banner before granting local or remote access to the system via a graphical user logon.</title><description><VulnDiscussion>Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
ff1465
 
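Review bot: The check text that follows the corrected sample line still names only three finding conditions (negative value, commented out, no results), so it does not say how to judge a grep over `/etc/sudoers` and `/etc/sudoers.d/*` that returns several `timestamp_timeout` lines with different values. Later `Defaults` entries generally override earlier ones when sudoers is parsed, so an assessor reading only the first match could pass a system whose effective value differs. I would add a sentence such as `If conflicting results are returned, this is a finding.` to the check content, or at least confirm that the automated check for this rule evaluates every match. The fixtext in this hunk accepts any value `>= 0`, which leaves the timeout without an upper bound; confirm that this is intended. The `<check-content>` element continues outside the hunk.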
ff1465
@@ -6294,7 +6682,9 @@ $ sudo grep rounds /etc/pam.d/system-auth
ff1465
 
ff1465
 password sufficient pam_unix.so sha512 rounds=5000
ff1465
 
ff1465
-If "rounds" has a value below "5000", or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244521"><title>SRG-OS-000080-GPOS-00048</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244521r743812_rule" weight="10.0" severity="medium"><version>RHEL-08-010141</version><title>RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require a unique superusers name upon booting into single-user mode and maintenance.</title><description><VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47753r743811_fix">Configure the system to have a unique name for the grub superusers account.
ff1465
+If "rounds" has a value below "5000", or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244521"><title>SRG-OS-000080-GPOS-00048</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244521r792982_rule" weight="10.0" severity="medium"><version>RHEL-08-010141</version><title>RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require a unique superusers name upon booting into single-user mode and maintenance.</title><description><VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
ff1465
+
ff1465
+The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47753r743811_fix">Configure the system to have a unique name for the grub superusers account.
ff1465
 
ff1465
 Edit the /etc/grub.d/01_users file and add or modify the following lines:
ff1465
 
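Review bot: The rule title on the re-revisioned `SV-244521r792982_rule` line still reads "United Extensible Firmware Interface (UEFI)", whereas UEFI expands to `Unified Extensible Firmware Interface (UEFI)`. The misspelling will appear in any report or rule title generated from this text. If this file is a verbatim copy of the published benchmark, the correction belongs with the publisher rather than in this patch, but a note in the commit description would keep it from being rediscovered. The `<fixtext>` element opened on the same line continues outside the hunk.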
ff1465
@@ -6304,7 +6694,7 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
ff1465
 
ff1465
 Generate a new grub.cfg file with the following command:
ff1465
 
ff1465
-$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</fixtext><fix id="F-47753r743811_fix" /><check system="C-47796r743810_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
ff1465
+$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</fixtext><fix id="F-47753r743811_fix" /><check system="C-47796r792981_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
ff1465
 
ff1465
 Verify that a unique name is set as the "superusers" account:
ff1465
 
ff1465
@@ -6312,7 +6702,9 @@ $ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
ff1465
 set superusers="[someuniquestringhere]"
ff1465
 export superusers
ff1465
 
ff1465
-If "superusers" is not set to a unique name or is missing a name, this is a finding.</check-content></check></Rule></Group><Group id="V-244522"><title>SRG-OS-000080-GPOS-00048</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244522r743815_rule" weight="10.0" severity="medium"><version>RHEL-08-010149</version><title>RHEL 8 operating systems booted with a BIOS must require  a unique superusers name upon booting into single-user and maintenance modes.</title><description><VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47754r743814_fix">Configure the system to have a unique name for the grub superusers account.
ff1465
+If "superusers" is identical to any OS account name or is missing a name, this is a finding.</check-content></check></Rule></Group><Group id="V-244522"><title>SRG-OS-000080-GPOS-00048</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244522r792984_rule" weight="10.0" severity="medium"><version>RHEL-08-010149</version><title>RHEL 8 operating systems booted with a BIOS must require  a unique superusers name upon booting into single-user and maintenance modes.</title><description><VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
ff1465
+
ff1465
+The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47754r743814_fix">Configure the system to have a unique name for the grub superusers account.
ff1465
 
ff1465
 Edit the /etc/grub.d/01_users file and add or modify the following lines:
ff1465
 
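Review bot: The new finding criterion `If "superusers" is identical to any OS account name or is missing a name, this is a finding.` has no matching step in the check procedure, which only greps `superusers` from `/boot/efi/EFI/redhat/grub.cfg` and never tells the assessor how to obtain the OS account names to compare against. It is also narrower than the discussion paragraph added in this hunk and in an earlier one, which calls names such as `superuser` and `unlock` non-unique although they are normally not OS accounts. I would add a comparison step to the check content, for example `$ cut -d: -f1 /etc/passwd` with a sentence that the `superusers` value must not appear in that list, and state whether the well-known names listed in the discussion are a finding as well. The BIOS counterpart of this criterion sits in a later hunk that continues outside this view, so confirm both rules end with the same wording.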
ff1465
@@ -6322,7 +6714,7 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
ff1465
 
ff1465
 Generate a new grub.cfg file with the following command:
ff1465
 
ff1465
-$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg</fixtext><fix id="F-47754r743814_fix" /><check system="C-47797r743813_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>For systems that use UEFI, this is Not Applicable.
ff1465
+$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg</fixtext><fix id="F-47754r743814_fix" /><check system="C-47797r792983_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>For systems that use UEFI, this is Not Applicable.
ff1465
 
ff1465
 Verify that a unique name is set as the "superusers" account:
ff1465
 
ff1465
@@ -6330,7 +6722,7 @@ $ sudo grep -iw "superusers" /boot/grub2/grub.cfg
ff1465
 set superusers="[someuniquestringhere]"
ff1465
 export superusers
ff1465
 
ff1465
-If "superusers" is not set to a unique name or is missing a name, this is a finding.</check-content></check></Rule></Group><Group id="V-244523"><title>SRG-OS-000080-GPOS-00048</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244523r743818_rule" weight="10.0" severity="medium"><version>RHEL-08-010152</version><title>RHEL 8 operating systems must require authentication upon booting into emergency mode.</title><description><VulnDiscussion>If the system does not require valid root authentication before it boots into emergency or rescue mode, anyone who invokes emergency or rescue mode is granted privileged access to all files on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47755r743817_fix">Configure the system to require authentication upon booting into emergency mode by adding the following line to the "/usr/lib/systemd/system/emergency.service" file.
ff1465
+If "superusers" is identical to any OS account name or is missing a name, this is a finding.</check-content></check></Rule></Group><Group id="V-244523"><title>SRG-OS-000080-GPOS-00048</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244523r743818_rule" weight="10.0" severity="medium"><version>RHEL-08-010152</version><title>RHEL 8 operating systems must require authentication upon booting into emergency mode.</title><description><VulnDiscussion>If the system does not require valid root authentication before it boots into emergency or rescue mode, anyone who invokes emergency or rescue mode is granted privileged access to all files on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47755r743817_fix">Configure the system to require authentication upon booting into emergency mode by adding the following line to the "/usr/lib/systemd/system/emergency.service" file.
ff1465
 
ff1465
 ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency</fixtext><fix id="F-47755r743817_fix" /><check system="C-47798r743816_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Check to see if the system requires authentication for emergency mode with the following command:
ff1465
 
ff1465
@@ -6822,13 +7214,25 @@ $ sudo yum list installed openssh-server
ff1465
 
ff1465
 openssh-server.x86_64                 8.0p1-5.el8          @anaconda
ff1465
 
ff1465
-If the "SSH server" package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-244550"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244550r743899_rule" weight="10.0" severity="medium"><version>RHEL-08-040209</version><title>RHEL 8 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47782r743898_fix">Configure RHEL 8 to prevent IPv4 ICMP redirect messages from being accepted with the following command:
ff1465
+If the "SSH server" package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-244550"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244550r792987_rule" weight="10.0" severity="medium"><version>RHEL-08-040209</version><title>RHEL 8 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv4.conf.default.accept_redirects=0
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47782r792986_fix">Configure RHEL 8 to prevent IPv4 ICMP redirect messages from being accepted.
ff1465
 
ff1465
-net.ipv4.conf.default.accept_redirects=0</fixtext><fix id="F-47782r743898_fix" /><check system="C-47825r743897_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 will not accept IPv4 ICMP redirect messages.
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
+
ff1465
+net.ipv4.conf.default.accept_redirects = 0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-47782r792986_fix" /><check system="C-47825r792985_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 will not accept IPv4 ICMP redirect messages.
ff1465
 
ff1465
 Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
ff1465
 
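Review bot: The added VulnDiscussion sentence `it will take precedence over any other configuration file on the system` claims more than the "99-" prefix guarantees. By the ordering the same paragraph describes, a file whose name sorts after the chosen "99-" name in any of the listed directories is applied later. `/etc/sysctl.conf` is also listed last, and as far as I know `sysctl --system` applies it after the sysctl.d directories. Wording such as `it will take precedence over files whose names sort earlier; /etc/sysctl.conf and later-sorting names can still override it` would match the described behaviour, and the same sentence is added in the hunks at -6838, -6854, -6870 and -6886. If this XML is an imported DISA reference that cannot be reworded here, the project's own checks for these rules should not treat the "99-" prefix alone as proof of the effective value.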
ff1465
@@ -6838,13 +7242,35 @@ $ sudo sysctl net.ipv4.conf.default.accept_redirects
ff1465
 
ff1465
 net.ipv4.conf.default.accept_redirects = 0
ff1465
 
ff1465
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244551"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244551r743902_rule" weight="10.0" severity="medium"><version>RHEL-08-040239</version><title>RHEL 8 must not forward IPv4 source-routed packets.</title><description><VulnDiscussion>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47783r743901_fix">Configure RHEL 8 to not forward IPv4 source-routed packets with the following command:
ff1465
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv4.conf.default.accept_redirects /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.default.accept_redirects = 0
ff1465
+
ff1465
+If "net.ipv4.conf.default.accept_redirects" is not set to "0", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-244551"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244551r792990_rule" weight="10.0" severity="medium"><version>RHEL-08-040239</version><title>RHEL 8 must not forward IPv4 source-routed packets.</title><description><VulnDiscussion>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47783r792989_fix">Configure RHEL 8 to not forward IPv4 source-routed packets.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv4.conf.all.accept_source_route=0
ff1465
+net.ipv4.conf.all.accept_source_route=0
ff1465
 
ff1465
-If "0" is not the system's all value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+Load settings from all system configuration files with the following command:
ff1465
 
ff1465
-net.ipv4.conf.all.accept_source_route=0</fixtext><fix id="F-47783r743901_fix" /><check system="C-47826r743900_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv4 source-routed packets.
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-47783r792989_fix" /><check system="C-47826r792988_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv4 source-routed packets.
ff1465
 
ff1465
 Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
ff1465
 
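Review bot: The added file check `$ sudo grep -r net.ipv4.conf.default.accept_redirects /etc/sysctl.d/*.conf` searches only one of the six locations listed in the VulnDiscussion, so a conflicting value in `/etc/sysctl.conf` or under `/usr/lib/sysctl.d/` goes unseen and can come back after a reboot or reload. Covering the whole list would close that gap: `$ sudo grep -r net.ipv4.conf.default.accept_redirects /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf`. The closing criterion `If the configuration file does not begin with "99-", this is a finding` is also ambiguous when several files match, and it would help to say that conflicting values in any returned file are a finding. The same check pattern is added for the other sysctl parameters in the hunks at -6854, -6870 and -6886.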
ff1465
@@ -6854,13 +7280,35 @@ $ sudo sysctl net.ipv4.conf.all.accept_source_route
ff1465
 
ff1465
 net.ipv4.conf.all.accept_source_route = 0
ff1465
 
ff1465
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244552"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244552r743905_rule" weight="10.0" severity="medium"><version>RHEL-08-040249</version><title>RHEL 8 must not forward IPv4 source-routed packets by default.</title><description><VulnDiscussion>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47784r743904_fix">Configure RHEL 8 to not forward IPv4 source-routed packets by default with the following command:
ff1465
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv4.conf.all.accept_source_route /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.accept_source_route = 0
ff1465
+
ff1465
+If "net.ipv4.conf.all.accept_source_route" is not set to "0", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-244552"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244552r792993_rule" weight="10.0" severity="medium"><version>RHEL-08-040249</version><title>RHEL 8 must not forward IPv4 source-routed packets by default.</title><description><VulnDiscussion>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv4.conf.default.accept_source_route=0
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47784r792992_fix">Configure RHEL 8 to not forward IPv4 source-routed packets by default.
ff1465
 
ff1465
-net.ipv4.conf.default.accept_source_route=0</fixtext><fix id="F-47784r743904_fix" /><check system="C-47827r743903_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv4 source-routed packets by default.
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
+
ff1465
+net.ipv4.conf.default.accept_source_route=0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-47784r792992_fix" /><check system="C-47827r792991_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv4 source-routed packets by default.
ff1465
 
ff1465
 Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
ff1465
 
ff1465
@@ -6870,13 +7318,35 @@ $ sudo sysctl net.ipv4.conf.default.accept_source_route
ff1465
 
ff1465
 net.ipv4.conf.default.accept_source_route = 0
ff1465
 
ff1465
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244553"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244553r743908_rule" weight="10.0" severity="medium"><version>RHEL-08-040279</version><title>RHEL 8 must ignore IPv4 Internet Control Message Protocol (ICMP) redirect messages.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47785r743907_fix">Configure RHEL 8 to ignore IPv4 ICMP redirect messages with the following command:
ff1465
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv4.conf.default.accept_source_route /etc/sysctl.d/*.conf
ff1465
 
ff1465
-$ sudo sysctl -w net.ipv4.conf.all.accept_redirects=0
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.default.accept_source_route = 0
ff1465
 
ff1465
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
ff1465
+If "net.ipv4.conf.default.accept_source_route" is not set to "0", is missing or commented out, this is a finding.
ff1465
 
ff1465
-net.ipv4.conf.all.accept_redirects = 0</fixtext><fix id="F-47785r743907_fix" /><check system="C-47828r743906_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 ignores IPv4 ICMP redirect messages.
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-244553"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244553r792996_rule" weight="10.0" severity="medium"><version>RHEL-08-040279</version><title>RHEL 8 must ignore IPv4 Internet Control Message Protocol (ICMP) redirect messages.</title><description><VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47785r792995_fix">Configure RHEL 8 to ignore IPv4 ICMP redirect messages.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
+
ff1465
+net.ipv4.conf.all.accept_redirects = 0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-47785r792995_fix" /><check system="C-47828r792994_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 ignores IPv4 ICMP redirect messages.
ff1465
 
ff1465
 Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
ff1465
 
ff1465
@@ -6886,20 +7356,51 @@ $ sudo sysctl net.ipv4.conf.all.accept_redirects
ff1465
 
ff1465
 net.ipv4.conf.all.accept_redirects = 0
ff1465
 
ff1465
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244554"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244554r743911_rule" weight="10.0" severity="medium"><version>RHEL-08-040286</version><title>RHEL 8 must enable hardening for the Berkeley Packet Filter Just-in-time compiler.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
-Enabling hardening for the Berkeley Packet Filter (BPF) Just-in-time (JIT) compiler aids in mitigating JIT spraying attacks.  Setting the value to "2" enables JIT hardening for all users.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47786r743910_fix">Configure RHEL 8 to enable hardening for the BPF JIT compiler by adding the following line to a file in the "/etc/sysctl.d" directory:
ff1465
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv4.conf.all.accept_redirects /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.accept_redirects = 0
ff1465
+
ff1465
+If "net.ipv4.conf.all.accept_redirects" is not set to "0", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-244554"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244554r792999_rule" weight="10.0" severity="medium"><version>RHEL-08-040286</version><title>RHEL 8 must enable hardening for the Berkeley Packet Filter Just-in-time compiler.</title><description><VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
ff1465
+
ff1465
+Enabling hardening for the Berkeley Packet Filter (BPF) Just-in-time (JIT) compiler aids in mitigating JIT spraying attacks. Setting the value to "2" enables JIT hardening for all users.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47786r792998_fix">Configure RHEL 8 to enable hardening for the BPF JIT compiler by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
ff1465
 
ff1465
 net.core.bpf_jit_harden = 2
ff1465
 
ff1465
 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
ff1465
 
ff1465
-$ sudo sysctl --system</fixtext><fix id="F-47786r743910_fix" /><check system="C-47829r743909_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables hardening for the BPF JIT with the following commands:
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-47786r792998_fix" /><check system="C-47829r792997_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables hardening for the BPF JIT with the following commands:
ff1465
 
ff1465
 $ sudo sysctl net.core.bpf_jit_harden
ff1465
 
ff1465
 net.core.bpf_jit_harden = 2
ff1465
 
ff1465
-If the returned line does not have a value of "2", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-245540"><title>SRG-OS-000191-GPOS-00080</title><description><GroupDescription></GroupDescription></description><Rule id="SV-245540r754730_rule" weight="10.0" severity="medium"><version>RHEL-08-010001</version><title>The RHEL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.</title><description><VulnDiscussion>Adding endpoint security tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of the system, which may not otherwise exist in an organization's systems management regime.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001233</ident><fixtext fixref="F-48770r754729_fix">Install and enable the latest McAfee ENSLTP package.</fixtext><fix id="F-48770r754729_fix" /><check system="C-48814r754728_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Per OPORD 16-0080, the preferred endpoint security tool is McAfee Endpoint Security for Linux (ENSL) in conjunction with SELinux.
ff1465
+If the returned line does not have a value of "2", or a line is not returned, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.core.bpf_jit_harden /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.core.bpf_jit_harden = 2
ff1465
+
ff1465
+If "net.core.bpf_jit_harden" is not set to "2", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-245540"><title>SRG-OS-000191-GPOS-00080</title><description><GroupDescription></GroupDescription></description><Rule id="SV-245540r754730_rule" weight="10.0" severity="medium"><version>RHEL-08-010001</version><title>The RHEL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.</title><description><VulnDiscussion>Adding endpoint security tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of the system, which may not otherwise exist in an organization's systems management regime.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001233</ident><fixtext fixref="F-48770r754729_fix">Install and enable the latest McAfee ENSLTP package.</fixtext><fix id="F-48770r754729_fix" /><check system="C-48814r754728_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Per OPORD 16-0080, the preferred endpoint security tool is McAfee Endpoint Security for Linux (ENSL) in conjunction with SELinux.
ff1465
 
ff1465
 Procedure:
ff1465
 Check that the following package has been installed:
ff1465
@@ -6912,4 +7413,102 @@ Verify that the daemon is running:
ff1465
 
ff1465
 $ sudo ps -ef | grep -i mfetpd
ff1465
 
ff1465
-If the daemon is not running, this is a finding.</check-content></check></Rule></Group></Benchmark>
ff1465
\ No newline at end of file
ff1465
+If the daemon is not running, this is a finding.</check-content></check></Rule></Group><Group id="V-250315"><title>SRG-OS-000021-GPOS-00005</title><description><GroupDescription></GroupDescription></description><Rule id="SV-250315r793009_rule" weight="10.0" severity="medium"><version>RHEL-08-020027</version><title>RHEL 8 systems, versions 8.2 and above, must configure SELinux context type to allow the use of a non-default faillock tally directory.</title><description><VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
ff1465
+
ff1465
+From "faillock.conf" man pages: Note that the default directory that "pam_faillock" uses is usually cleared on system boot so the access will be re-enabled after system reboot. If that is undesirable, a different tally directory must be set with the "dir" option.
ff1465
+
ff1465
+SELinux, enforcing a targeted policy, will require any non-default tally directory's security context type to match the default directory's security context type. Without updating the security context type, the pam_faillock module will not write failed login attempts to the non-default tally directory.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000044</ident><ident system="http://cyber.mil/cci">CCI-002238</ident><fixtext fixref="F-53703r793001_fix">Configure RHEL 8 to allow the use of a non-default faillock tally directory while SELinux enforces a targeted policy.
ff1465
+
ff1465
+Create a non-default faillock tally directory (if it does not already exist) with the following example:
ff1465
+
ff1465
+$ sudo mkdir /var/log/faillock
ff1465
+
ff1465
+Update the /etc/selinux/targeted/contexts/files/file_contexts.local with "faillog_t" context type for the non-default faillock tally directory with the following command:
ff1465
+
ff1465
+$ sudo semanage fcontext -a -t faillog_t "/var/log/faillock(/.*)?" 
ff1465
+
ff1465
+Next, update the context type of the non-default faillock directory/subdirectories and files with the following command:	
ff1465
+
ff1465
+$ sudo restorecon -R -v /var/log/faillock</fixtext><fix id="F-53703r793001_fix" /><check system="C-53749r793000_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>If the system does not have SELinux enabled and enforcing a targeted policy, or if the pam_faillock module is not configured for use, this requirement is not applicable.
ff1465
+
ff1465
+Note: This check applies to RHEL versions 8.2 or newer. If the system is RHEL version 8.0 or 8.1, this check is not applicable.
ff1465
+
ff1465
+Verify the location of the non-default tally directory for the pam_faillock module with the following command:
ff1465
+
ff1465
+$ sudo grep -w dir /etc/security/faillock.conf
ff1465
+
ff1465
+dir = /var/log/faillock
ff1465
+
ff1465
+Check the security context type of the non-default tally directory with the following command:
ff1465
+
ff1465
+$ sudo ls -Zd /var/log/faillock
ff1465
+
ff1465
+unconfined_u:object_r:faillog_t:s0 /var/log/faillock
ff1465
+
ff1465
+If the security context type of the non-default tally directory is not "faillog_t", this is a finding.</check-content></check></Rule></Group><Group id="V-250316"><title>SRG-OS-000021-GPOS-00005</title><description><GroupDescription></GroupDescription></description><Rule id="SV-250316r793010_rule" weight="10.0" severity="medium"><version>RHEL-08-020028</version><title>RHEL 8 systems below version 8.2 must configure SELinux context type to allow the use of a non-default faillock tally directory.</title><description><VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
ff1465
+
ff1465
+From "Pam_Faillock" man pages: Note that the default directory that "pam_faillock" uses is usually cleared on system boot so the access will be reenabled after system reboot. If that is undesirable, a different tally directory must be set with the "dir" option.
ff1465
+
ff1465
+SELinux, enforcing a targeted policy, will require any non-default tally directory's security context type to match the default directory's security context type. Without updating the security context type, the pam_faillock module will not write failed login attempts to the non-default tally directory.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000044</ident><ident system="http://cyber.mil/cci">CCI-002238</ident><fixtext fixref="F-53704r793004_fix">Configure RHEL 8 to allow the use of a non-default faillock tally directory while SELinux enforces a targeted policy.
ff1465
+
ff1465
+Update the /etc/selinux/targeted/contexts/files/file_contexts.local with "faillog_t" context type for the non-default faillock tally directory with the following command:
ff1465
+
ff1465
+$ sudo semanage fcontext -a -t faillog_t "/var/log/faillock(/.*)?" 
ff1465
+
ff1465
+Next, update the context type of the non-default faillock directory/subdirectories and files with the following command:	
ff1465
+
ff1465
+$ sudo restorecon -R -v /var/log/faillock</fixtext><fix id="F-53704r793004_fix" /><check system="C-53750r793003_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>If the system does not have SELinux enabled and enforcing a targeted policy, or if the pam_faillock module is not configured for use, this requirement is not applicable.
ff1465
+
ff1465
+Note: This check applies to RHEL versions 8.0 and 8.1. If the system is RHEL version 8.2 or newer, this check is not applicable.
ff1465
+
ff1465
+Verify the location of the non-default tally directory for the pam_faillock module with the following command:
ff1465
+
ff1465
+$ sudo grep -w dir /etc/pam.d/password-auth
ff1465
+
ff1465
+auth   required   pam_faillock.so preauth dir=/var/log/faillock
ff1465
+auth   required   pam_faillock.so authfail dir=/var/log/faillock
ff1465
+
ff1465
+Check the security context type of the non-default tally directory with the following command:
ff1465
+
ff1465
+$ sudo ls -Zd /var/log/faillock
ff1465
+
ff1465
+unconfined_u:object_r:faillog_t:s0 /var/log/faillock
ff1465
+
ff1465
+If the security context type of the non-default tally directory is not "faillog_t", this is a finding.</check-content></check></Rule></Group><Group id="V-250317"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-250317r793008_rule" weight="10.0" severity="medium"><version>RHEL-08-040259</version><title>RHEL 8 must not enable IPv4 packet forwarding unless the system is a router.</title><description><VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
ff1465
+
ff1465
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
ff1465
+/etc/sysctl.d/*.conf
ff1465
+/run/sysctl.d/*.conf
ff1465
+/usr/local/lib/sysctl.d/*.conf
ff1465
+/usr/lib/sysctl.d/*.conf
ff1465
+/lib/sysctl.d/*.conf
ff1465
+/etc/sysctl.conf
ff1465
+
ff1465
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-53705r793007_fix">Configure RHEL 8 to not allow IPv4 packet forwarding, unless the system is a router.
ff1465
+
ff1465
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
ff1465
+
ff1465
+net.ipv4.conf.all.forwarding=0
ff1465
+
ff1465
+Load settings from all system configuration files with the following command:
ff1465
+
ff1465
+$ sudo sysctl --system</fixtext><fix id="F-53705r793007_fix" /><check system="C-53751r793006_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 is not performing IPv4 packet forwarding, unless the system is a router.
ff1465
+
ff1465
+Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
ff1465
+
ff1465
+Check that IPv4 forwarding is disabled using the following command:
ff1465
+
ff1465
+$ sudo sysctl  net.ipv4.ip_forward
ff1465
+
ff1465
+net.ipv4.ip_forward = 0
ff1465
+If the IPv4 forwarding value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
ff1465
+
ff1465
+Check that the configuration files are present to enable this network parameter.
ff1465
+
ff1465
+$ sudo grep -r net.ipv4.conf.all.forwarding /etc/sysctl.d/*.conf
ff1465
+
ff1465
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.forwarding = 0
ff1465
+
ff1465
+If "net.ipv4.conf.all.forwarding" is not set to "0", is missing or commented out, this is a finding.
ff1465
+
ff1465
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group></Benchmark>
ff1465
\ No newline at end of file
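Review bot: The added check text for RHEL-08-040259 searches only `/etc/sysctl.d/*.conf` for `net.ipv4.conf.all.forwarding`, although the discussion in the same rule lists five other locations that `sysctl --system` loads and says the lexicographically latest file name wins, so a file beginning with "99-" is not guaranteed to override every other file. The same pattern is visible in the `net.core.bpf_jit_harden` check in the preceding hunk, which starts outside this view. The runtime command also queries `net.ipv4.ip_forward` while the fix text and the grep use `net.ipv4.conf.all.forwarding`; the two normally track each other in the kernel, but a configuration scan for one spelling will not see a file that sets the other. Since this text appears to be imported from the DISA benchmark, the place to compensate is probably the project's own automated check rather than this XML: have it evaluate every listed path, e.g. `grep -r net.ipv4.conf.all.forwarding /etc/sysctl.conf /etc/sysctl.d/ /run/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/`, and accept either key name.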
ff1465
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
ff1465
index ca0097b..e4f9dd8 100644
ff1465
--- a/tests/data/profile_stability/rhel8/stig.profile
ff1465
+++ b/tests/data/profile_stability/rhel8/stig.profile
ff1465
@@ -58,7 +58,9 @@ selections:
ff1465
 - accounts_passwords_pam_faillock_interval
ff1465
 - accounts_passwords_pam_faillock_unlock_time
ff1465
 - accounts_umask_etc_bashrc
ff1465
+- accounts_umask_etc_csh_cshrc
ff1465
 - accounts_umask_etc_login_defs
ff1465
+- accounts_umask_etc_profile
ff1465
 - accounts_umask_interactive_users
ff1465
 - accounts_user_dot_no_world_writable_programs
ff1465
 - accounts_user_home_paths_only
ff1465
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
ff1465
index 3533208..d37d2ec 100644
ff1465
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
ff1465
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
ff1465
@@ -69,7 +69,9 @@ selections:
ff1465
 - accounts_passwords_pam_faillock_interval
ff1465
 - accounts_passwords_pam_faillock_unlock_time
ff1465
 - accounts_umask_etc_bashrc
ff1465
+- accounts_umask_etc_csh_cshrc
ff1465
 - accounts_umask_etc_login_defs
ff1465
+- accounts_umask_etc_profile
ff1465
 - accounts_umask_interactive_users
ff1465
 - accounts_user_dot_no_world_writable_programs
ff1465
 - accounts_user_home_paths_only