From 1387b1732099246d62ad56b3accb2ae8dfe13a2d Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Tue, 9 Aug 2022 08:36:38 -0500
Subject: [PATCH 6/7] Merge pull request #9317 from
yuumasato/update-rhel7-stig-to-v3r8
Patch-name: scap-security-guide-0.1.64-update_rhel7_stig_to_v3r8-PR_9317.patch
Patch-status: Update RHEL7 STIG to V3R8
---
products/rhel7/profiles/stig.profile | 4 +-
products/rhel7/profiles/stig_gui.profile | 4 +-
... => disa-stig-rhel7-v3r8-xccdf-manual.xml} | 413 ++++++-----
...ml => disa-stig-rhel7-v3r8-xccdf-scap.xml} | 697 +++++++++---------
4 files changed, 565 insertions(+), 553 deletions(-)
rename shared/references/{disa-stig-rhel7-v3r7-xccdf-manual.xml => disa-stig-rhel7-v3r8-xccdf-manual.xml} (97%)
rename shared/references/{disa-stig-rhel7-v3r7-xccdf-scap.xml => disa-stig-rhel7-v3r8-xccdf-scap.xml} (97%)
mode change 100644 => 100755
diff --git a/products/rhel7/profiles/stig.profile b/products/rhel7/profiles/stig.profile
index 6cac22ec9e..032707728d 100644
--- a/products/rhel7/profiles/stig.profile
+++ b/products/rhel7/profiles/stig.profile
@@ -1,7 +1,7 @@
documentation_complete: true
metadata:
- version: V3R7
+ version: V3R8
SMEs:
- ggbecker
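Review bot: The `version: V3R8` bump in `metadata` is not accompanied by any change to what the profile selects. The diffstat lists four changed lines for stig.profile, and both hunks show only version strings, so rule selections and variable values stay as they were for V3R7. If V3R8 added, removed or re-tuned a requirement, scan results would be reported against a baseline the profile does not fully implement. This is patch 6 of 7, so the selection changes may sit in a sibling patch. If they do not, I would record the comparison next to the bump, for example `# V3R8: selections compared with the DISA revision history, no rule changes needed`, and the same applies to the matching hunk in stig_gui.profile.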
@@ -11,7 +11,7 @@ title: 'DISA STIG for Red Hat Enterprise Linux 7'
description: |-
This profile contains configuration checks that align to the
- DISA STIG for Red Hat Enterprise Linux V3R7.
+ DISA STIG for Red Hat Enterprise Linux V3R8.
In addition to being applicable to Red Hat Enterprise Linux 7, DISA recognizes this
configuration baseline as applicable to the operating system tier of
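Review bot: The new description line reads as if V3R8 were a release of the operating system, because the product's major version is missing between the product name and the STIG release. I would write `DISA STIG for Red Hat Enterprise Linux 7 V3R8.` here and `DISA STIG with GUI for Red Hat Enterprise Linux 7 V3R8.` in the second hunk of stig_gui.profile. The description block continues past the end of the hunk.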
diff --git a/products/rhel7/profiles/stig_gui.profile b/products/rhel7/profiles/stig_gui.profile
index 24f2b886a7..7b41b6d22a 100644
--- a/products/rhel7/profiles/stig_gui.profile
+++ b/products/rhel7/profiles/stig_gui.profile
@@ -1,7 +1,7 @@
documentation_complete: true
metadata:
- version: V3R7
+ version: V3R8
SMEs:
- ggbecker
@@ -11,7 +11,7 @@ title: 'DISA STIG with GUI for Red Hat Enterprise Linux 7'
description: |-
This profile contains configuration checks that align to the
- DISA STIG with GUI for Red Hat Enterprise Linux V3R7.
+ DISA STIG with GUI for Red Hat Enterprise Linux V3R8.
In addition to being applicable to Red Hat Enterprise Linux 7, DISA recognizes this
configuration baseline as applicable to the operating system tier of
diff --git a/shared/references/disa-stig-rhel7-v3r7-xccdf-manual.xml b/shared/references/disa-stig-rhel7-v3r8-xccdf-manual.xml
similarity index 97%
rename from shared/references/disa-stig-rhel7-v3r7-xccdf-manual.xml
rename to shared/references/disa-stig-rhel7-v3r8-xccdf-manual.xml
index 2c680d73ac..f5ca2a007a 100644
--- a/shared/references/disa-stig-rhel7-v3r7-xccdf-manual.xml
+++ b/shared/references/disa-stig-rhel7-v3r8-xccdf-manual.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type='text/xsl' href='STIG_unclass.xsl'?><Benchmark xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd" id="RHEL_7_STIG" xml:lang="en" xmlns="http://checklists.nist.gov/xccdf/1.1"><status date="2022-02-17">accepted</status><title>Red Hat Enterprise Linux 7 Security Technical Implementation Guide</title><description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. 
Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</description><notice id="terms-of-use" xml:lang="en"></notice><front-matter xml:lang="en"></front-matter><rear-matter xml:lang="en"></rear-matter><reference href="https://cyber.mil"><dc:publisher>DISA</dc:publisher><dc:source>STIG.DOD.MIL</dc:source></reference><plain-text id="release-info">Release: 7 Benchmark Date: 27 Apr 2022</plain-text><plain-text id="generator">3.3.0.27375</plain-text><plain-text id="conventionsVersion">1.10.0</plain-text><version>3</version><Profile id="MAC-1_Classified"><title>I - Mission Critical Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select 
idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" 
selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" 
/><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select 
idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" 
selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-1_Public"><title>I - Mission Critical Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" 
selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" 
/><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select 
idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" 
selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" 
/><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-1_Sensitive"><title>I - Mission Critical Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" 
selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" 
/><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select 
idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" 
selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" 
/><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-2_Classified"><title>II - Mission Support Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" 
selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" 
/><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select 
idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" 
selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" 
/><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-2_Public"><title>II - Mission 
Support Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select 
idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" 
selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" 
/><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select 
idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" 
selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-2_Sensitive"><title>II - Mission Support Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select 
idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" 
selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" 
/><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select 
idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" 
selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-3_Classified"><title>III - Administrative Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select 
idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" 
selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" 
/><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select 
idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" 
selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-3_Public"><title>III - Administrative Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" 
selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" 
/><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select 
idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" 
selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" 
/><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-3_Sensitive"><title>III - Administrative Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" 
selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" 
/><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select 
idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" 
selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" 
/><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Group id="V-204392"><title>SRG-OS-000257-GPOS-00098</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204392r646841_rule" weight="10.0" severity="high"><version>RHEL-07-010010</version><title>The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership 
of system files and commands match the vendor values.</title><description><VulnDiscussion>Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default.
+<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type='text/xsl' href='STIG_unclass.xsl'?><Benchmark xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd" id="RHEL_7_STIG" xml:lang="en" xmlns="http://checklists.nist.gov/xccdf/1.1"><status date="2022-06-06">accepted</status><title>Red Hat Enterprise Linux 7 Security Technical Implementation Guide</title><description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. 
Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</description><notice id="terms-of-use" xml:lang="en"></notice><front-matter xml:lang="en"></front-matter><rear-matter xml:lang="en"></rear-matter><reference href="https://cyber.mil"><dc:publisher>DISA</dc:publisher><dc:source>STIG.DOD.MIL</dc:source></reference><plain-text id="release-info">Release: 8 Benchmark Date: 27 Jul 2022</plain-text><plain-text id="generator">3.3.0.27375</plain-text><plain-text id="conventionsVersion">1.10.0</plain-text><version>3</version><Profile id="MAC-1_Classified"><title>I - Mission Critical Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select 
idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" 
selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" 
/><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select 
idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" 
selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-1_Public"><title>I - Mission Critical Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" 
selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" 
/><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select 
idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" 
selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" 
/><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-1_Sensitive"><title>I - Mission Critical Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" 
selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" 
/><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select 
idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" 
selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" 
/><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-2_Classified"><title>II - Mission Support Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" 
selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" 
/><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select 
idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" 
selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" 
/><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-2_Public"><title>II - Mission 
Support Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select 
idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" 
selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" 
/><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select 
idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" 
selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-2_Sensitive"><title>II - Mission Support Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select 
idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" 
selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" 
/><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select 
idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" 
selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-3_Classified"><title>III - Administrative Classified</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select 
idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" 
selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" 
/><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select 
idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" 
selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-3_Public"><title>III - Administrative Public</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" 
selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" /><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" 
/><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select 
idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" 
selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" /><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" 
/><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Profile id="MAC-3_Sensitive"><title>III - Administrative Sensitive</title><description><ProfileDescription></ProfileDescription></description><select idref="V-204392" selected="true" /><select idref="V-204393" selected="true" /><select idref="V-204394" selected="true" /><select idref="V-204395" selected="true" /><select idref="V-204396" selected="true" /><select idref="V-204397" selected="true" /><select idref="V-204398" selected="true" /><select idref="V-204399" selected="true" /><select idref="V-204400" selected="true" /><select idref="V-204402" selected="true" /><select idref="V-204403" selected="true" /><select idref="V-204404" selected="true" /><select idref="V-204405" 
selected="true" /><select idref="V-204406" selected="true" /><select idref="V-204407" selected="true" /><select idref="V-204408" selected="true" /><select idref="V-204409" selected="true" /><select idref="V-204410" selected="true" /><select idref="V-204411" selected="true" /><select idref="V-204412" selected="true" /><select idref="V-204413" selected="true" /><select idref="V-204414" selected="true" /><select idref="V-204415" selected="true" /><select idref="V-204416" selected="true" /><select idref="V-204417" selected="true" /><select idref="V-204418" selected="true" /><select idref="V-204419" selected="true" /><select idref="V-204420" selected="true" /><select idref="V-204421" selected="true" /><select idref="V-204422" selected="true" /><select idref="V-204423" selected="true" /><select idref="V-204424" selected="true" /><select idref="V-204425" selected="true" /><select idref="V-204426" selected="true" /><select idref="V-204427" selected="true" /><select idref="V-204428" selected="true" /><select idref="V-204429" selected="true" /><select idref="V-204430" selected="true" /><select idref="V-204431" selected="true" /><select idref="V-204432" selected="true" /><select idref="V-204433" selected="true" /><select idref="V-204434" selected="true" /><select idref="V-204435" selected="true" /><select idref="V-204437" selected="true" /><select idref="V-204438" selected="true" /><select idref="V-204440" selected="true" /><select idref="V-204441" selected="true" /><select idref="V-204442" selected="true" /><select idref="V-204443" selected="true" /><select idref="V-204444" selected="true" /><select idref="V-204445" selected="true" /><select idref="V-204446" selected="true" /><select idref="V-204447" selected="true" /><select idref="V-204448" selected="true" /><select idref="V-204449" selected="true" /><select idref="V-204450" selected="true" /><select idref="V-204451" selected="true" /><select idref="V-204452" selected="true" /><select idref="V-204453" selected="true" 
/><select idref="V-204454" selected="true" /><select idref="V-204455" selected="true" /><select idref="V-204456" selected="true" /><select idref="V-204457" selected="true" /><select idref="V-204458" selected="true" /><select idref="V-204459" selected="true" /><select idref="V-204460" selected="true" /><select idref="V-204461" selected="true" /><select idref="V-204462" selected="true" /><select idref="V-204463" selected="true" /><select idref="V-204464" selected="true" /><select idref="V-204466" selected="true" /><select idref="V-204467" selected="true" /><select idref="V-204468" selected="true" /><select idref="V-204469" selected="true" /><select idref="V-204470" selected="true" /><select idref="V-204471" selected="true" /><select idref="V-204472" selected="true" /><select idref="V-204473" selected="true" /><select idref="V-204474" selected="true" /><select idref="V-204475" selected="true" /><select idref="V-204476" selected="true" /><select idref="V-204477" selected="true" /><select idref="V-204478" selected="true" /><select idref="V-204479" selected="true" /><select idref="V-204480" selected="true" /><select idref="V-204481" selected="true" /><select idref="V-204482" selected="true" /><select idref="V-204483" selected="true" /><select idref="V-204486" selected="true" /><select idref="V-204487" selected="true" /><select idref="V-204488" selected="true" /><select idref="V-204489" selected="true" /><select idref="V-204490" selected="true" /><select idref="V-204491" selected="true" /><select idref="V-204492" selected="true" /><select idref="V-204493" selected="true" /><select idref="V-204494" selected="true" /><select idref="V-204495" selected="true" /><select idref="V-204496" selected="true" /><select idref="V-204497" selected="true" /><select idref="V-204498" selected="true" /><select idref="V-204499" selected="true" /><select idref="V-204500" selected="true" /><select idref="V-204501" selected="true" /><select idref="V-204502" selected="true" /><select 
idref="V-204503" selected="true" /><select idref="V-204504" selected="true" /><select idref="V-204506" selected="true" /><select idref="V-204507" selected="true" /><select idref="V-204508" selected="true" /><select idref="V-204509" selected="true" /><select idref="V-204510" selected="true" /><select idref="V-204511" selected="true" /><select idref="V-204512" selected="true" /><select idref="V-204513" selected="true" /><select idref="V-204514" selected="true" /><select idref="V-204515" selected="true" /><select idref="V-204516" selected="true" /><select idref="V-204517" selected="true" /><select idref="V-204521" selected="true" /><select idref="V-204524" selected="true" /><select idref="V-204531" selected="true" /><select idref="V-204536" selected="true" /><select idref="V-204537" selected="true" /><select idref="V-204538" selected="true" /><select idref="V-204539" selected="true" /><select idref="V-204540" selected="true" /><select idref="V-204541" selected="true" /><select idref="V-204542" selected="true" /><select idref="V-204543" selected="true" /><select idref="V-204544" selected="true" /><select idref="V-204545" selected="true" /><select idref="V-204546" selected="true" /><select idref="V-204547" selected="true" /><select idref="V-204548" selected="true" /><select idref="V-204549" selected="true" /><select idref="V-204550" selected="true" /><select idref="V-204551" selected="true" /><select idref="V-204552" selected="true" /><select idref="V-204553" selected="true" /><select idref="V-204554" selected="true" /><select idref="V-204555" selected="true" /><select idref="V-204556" selected="true" /><select idref="V-204557" selected="true" /><select idref="V-204558" selected="true" /><select idref="V-204559" selected="true" /><select idref="V-204560" selected="true" /><select idref="V-204562" selected="true" /><select idref="V-204563" selected="true" /><select idref="V-204564" selected="true" /><select idref="V-204565" selected="true" /><select idref="V-204566" 
selected="true" /><select idref="V-204567" selected="true" /><select idref="V-204568" selected="true" /><select idref="V-204572" selected="true" /><select idref="V-204574" selected="true" /><select idref="V-204575" selected="true" /><select idref="V-204576" selected="true" /><select idref="V-204577" selected="true" /><select idref="V-204578" selected="true" /><select idref="V-204579" selected="true" /><select idref="V-204580" selected="true" /><select idref="V-204581" selected="true" /><select idref="V-204582" selected="true" /><select idref="V-204583" selected="true" /><select idref="V-204584" selected="true" /><select idref="V-204585" selected="true" /><select idref="V-204586" selected="true" /><select idref="V-204587" selected="true" /><select idref="V-204588" selected="true" /><select idref="V-204589" selected="true" /><select idref="V-204590" selected="true" /><select idref="V-204591" selected="true" /><select idref="V-204592" selected="true" /><select idref="V-204593" selected="true" /><select idref="V-204594" selected="true" /><select idref="V-204595" selected="true" /><select idref="V-204596" selected="true" /><select idref="V-204597" selected="true" /><select idref="V-204598" selected="true" /><select idref="V-204599" selected="true" /><select idref="V-204600" selected="true" /><select idref="V-204601" selected="true" /><select idref="V-204602" selected="true" /><select idref="V-204603" selected="true" /><select idref="V-204604" selected="true" /><select idref="V-204605" selected="true" /><select idref="V-204606" selected="true" /><select idref="V-204607" selected="true" /><select idref="V-204608" selected="true" /><select idref="V-204609" selected="true" /><select idref="V-204610" selected="true" /><select idref="V-204611" selected="true" /><select idref="V-204612" selected="true" /><select idref="V-204613" selected="true" /><select idref="V-204614" selected="true" /><select idref="V-204615" selected="true" /><select idref="V-204616" selected="true" 
/><select idref="V-204617" selected="true" /><select idref="V-204618" selected="true" /><select idref="V-204619" selected="true" /><select idref="V-204620" selected="true" /><select idref="V-204621" selected="true" /><select idref="V-204622" selected="true" /><select idref="V-204623" selected="true" /><select idref="V-204624" selected="true" /><select idref="V-204625" selected="true" /><select idref="V-204626" selected="true" /><select idref="V-204627" selected="true" /><select idref="V-204628" selected="true" /><select idref="V-204629" selected="true" /><select idref="V-204630" selected="true" /><select idref="V-204631" selected="true" /><select idref="V-204632" selected="true" /><select idref="V-204633" selected="true" /><select idref="V-204634" selected="true" /><select idref="V-214799" selected="true" /><select idref="V-214800" selected="true" /><select idref="V-214801" selected="true" /><select idref="V-214937" selected="true" /><select idref="V-219059" selected="true" /><select idref="V-228563" selected="true" /><select idref="V-228564" selected="true" /><select idref="V-233307" selected="true" /><select idref="V-237633" selected="true" /><select idref="V-237634" selected="true" /><select idref="V-237635" selected="true" /><select idref="V-244557" selected="true" /><select idref="V-244558" selected="true" /><select idref="V-250312" selected="true" /><select idref="V-250313" selected="true" /><select idref="V-250314" selected="true" /><select idref="V-251702" selected="true" /><select idref="V-251703" selected="true" /><select idref="V-251704" selected="true" /><select idref="V-251705" selected="true" /></Profile><Group id="V-204392"><title>SRG-OS-000257-GPOS-00098</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204392r646841_rule" weight="10.0" severity="high"><version>RHEL-07-010010</version><title>The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership 
of system files and commands match the vendor values.</title><description><VulnDiscussion>Discretionary access control is weakened if a user or group has access permissions to system files and directories greater than the default.
Satisfies: SRG-OS-000257-GPOS-00098, SRG-OS-000278-GPOS-00108</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-71849</ident><ident system="http://cyber.mil/legacy">SV-86473</ident><ident system="http://cyber.mil/cci">CCI-001494</ident><ident system="http://cyber.mil/cci">CCI-001496</ident><ident system="http://cyber.mil/cci">CCI-002165</ident><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-36302r646840_fix">Run the following command to determine which package owns the file:
@@ -768,25 +768,25 @@ auth required pam_faillock.so preauth silent audit deny=3 even_deny_root fail_in
auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root fail_interval=900 unlock_time=900
account required pam_faillock.so
-If the "even_deny_root" setting is not defined on both lines with the "pam_faillock.so" module, is commented out, or is missing from a line, this is a finding.</check-content></check></Rule></Group><Group id="V-204429"><title>SRG-OS-000373-GPOS-00156</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204429r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-010340</version><title>The Red Hat Enterprise Linux operating system must be configured so that users must provide a password for privilege escalation.</title><description><VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
+If the "even_deny_root" setting is not defined on both lines with the "pam_faillock.so" module, is commented out, or is missing from a line, this is a finding.</check-content></check></Rule></Group><Group id="V-204429"><title>SRG-OS-000373-GPOS-00156</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204429r833190_rule" weight="10.0" severity="medium"><version>RHEL-07-010340</version><title>The Red Hat Enterprise Linux operating system must be configured so that users must provide a password for privilege escalation.</title><description><VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
When operating systems provide the capability to escalate a functional capability, it is critical the user re-authenticate.
-Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-71947</ident><ident system="http://cyber.mil/legacy">SV-86571</ident><ident system="http://cyber.mil/cci">CCI-002038</ident><fixtext fixref="F-36303r602619_fix">Configure the operating system to require users to supply a password for privilege escalation.
+Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-71947</ident><ident system="http://cyber.mil/legacy">SV-86571</ident><ident system="http://cyber.mil/cci">CCI-002038</ident><fixtext fixref="F-36303r833189_fix">Configure the operating system to require users to supply a password for privilege escalation.
Check the configuration of the "/etc/sudoers" file with the following command:
-# visudo
+$ sudo visudo
-Remove any occurrences of "NOPASSWD" tags in the file.
+Remove any occurrences of "NOPASSWD" tags in the file.
Check the configuration of the /etc/sudoers.d/* files with the following command:
-# grep -i nopasswd /etc/sudoers.d/*
+$ sudo grep -ir nopasswd /etc/sudoers.d
-Remove any occurrences of "NOPASSWD" tags in the file.</fixtext><fix id="F-36303r602619_fix" /><check system="C-36340r602618_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system requires users to supply a password for privilege escalation.
+Remove any occurrences of "NOPASSWD" tags in the file.</fixtext><fix id="F-36303r833189_fix" /><check system="C-36340r833188_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system requires users to supply a password for privilege escalation.
Check the configuration of the "/etc/sudoers" and "/etc/sudoers.d/*" files with the following command:
-# grep -i nopasswd /etc/sudoers /etc/sudoers.d/*
+$ sudo grep -ir nopasswd /etc/sudoers /etc/sudoers.d
If any occurrences of "NOPASSWD" are returned from the command and have not been documented with the Information System Security Officer (ISSO) as an organizationally defined administrative group utilizing MFA, this is a finding.</check-content></check></Rule></Group><Group id="V-204430"><title>SRG-OS-000373-GPOS-00156</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204430r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-010350</version><title>The Red Hat Enterprise Linux operating system must be configured so that users must re-authenticate for privilege escalation.</title><description><VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
@@ -1263,13 +1263,15 @@ Verify that the /etc/selinux/config file is configured to the "SELINUXTYPE" to "
SELINUXTYPE = targeted
-If no results are returned or "SELINUXTYPE" is not set to "targeted", this is a finding.</check-content></check></Rule></Group><Group id="V-204455"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204455r603261_rule" weight="10.0" severity="high"><version>RHEL-07-020230</version><title>The Red Hat Enterprise Linux operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.</title><description><VulnDiscussion>A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the GNOME graphical environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86617</ident><ident system="http://cyber.mil/legacy">V-71993</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-4579r88558_fix">Configure the system to disable the Ctrl-Alt-Delete sequence for the command line with the following command:
+If no results are returned or "SELINUXTYPE" is not set to "targeted", this is a finding.</check-content></check></Rule></Group><Group id="V-204455"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204455r833106_rule" weight="10.0" severity="high"><version>RHEL-07-020230</version><title>The Red Hat Enterprise Linux operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.</title><description><VulnDiscussion>A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the GNOME graphical environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86617</ident><ident system="http://cyber.mil/legacy">V-71993</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-4579r833105_fix">Configure the system to disable the Ctrl-Alt-Delete sequence for the command line with the following commands:
+
+$ sudo systemctl disable ctrl-alt-del.target
-# systemctl mask ctrl-alt-del.target</fixtext><fix id="F-4579r88558_fix" /><check system="C-4579r88557_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system is not configured to reboot the system when Ctrl-Alt-Delete is pressed.
+$ sudo systemctl mask ctrl-alt-del.target</fixtext><fix id="F-4579r833105_fix" /><check system="C-4579r833104_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system is not configured to reboot the system when Ctrl-Alt-Delete is pressed.
Check that the ctrl-alt-del.target is masked and not active with the following command:
-# systemctl status ctrl-alt-del.target
+$ sudo systemctl status ctrl-alt-del.target
ctrl-alt-del.target
Loaded: masked (/dev/null; bad)
@@ -2384,85 +2386,85 @@ If both the "b32" and "b64" audit rules are not defined for the "creat", "open",
If the output does not produce rules containing "-F exit=-EPERM", this is a finding.
-If the output does not produce rules containing "-F exit=-EACCES", this is a finding.</check-content></check></Rule></Group><Group id="V-204536"><title>SRG-OS-000392-GPOS-00172</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204536r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030560</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the semanage command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the output does not produce rules containing "-F exit=-EACCES", this is a finding.</check-content></check></Rule></Group><Group id="V-204536"><title>SRG-OS-000392-GPOS-00172</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204536r833109_rule" weight="10.0" severity="medium"><version>RHEL-07-030560</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the semanage command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPOS-00209</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86759</ident><ident system="http://cyber.mil/legacy">V-72135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4660r462613_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "semanage" command occur.
+Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPOS-00209</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86759</ident><ident system="http://cyber.mil/legacy">V-72135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4660r833108_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "semanage" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/semanage -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4660r462613_fix" /><check system="C-4660r462612_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "semanage" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4660r833108_fix" /><check system="C-4660r833107_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "semanage" command occur.
Check the file system rule in "/etc/audit/audit.rules" with the following command:
-# grep -i /usr/sbin/semanage /etc/audit/audit.rules
+$ sudo grep -w "/usr/sbin/semanage" /etc/audit/audit.rules
--a always,exit -F path=/usr/sbin/semanage -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204537"><title>SRG-OS-000392-GPOS-00172</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204537r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030570</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the setsebool command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204537"><title>SRG-OS-000392-GPOS-00172</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204537r833112_rule" weight="10.0" severity="medium"><version>RHEL-07-030570</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the setsebool command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPOS-00209</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72137</ident><ident system="http://cyber.mil/legacy">SV-86761</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4661r462616_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "setsebool" command occur.
+Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPOS-00209</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72137</ident><ident system="http://cyber.mil/legacy">SV-86761</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4661r833111_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "setsebool" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/setsebool -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4661r462616_fix" /><check system="C-4661r462615_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "setsebool" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4661r833111_fix" /><check system="C-4661r833110_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "setsebool" command occur.
Check the file system rule in "/etc/audit/audit.rules" with the following command:
-# grep -i /usr/sbin/setsebool /etc/audit/audit.rules
+$ sudo grep -w "/usr/sbin/setsebool" /etc/audit/audit.rules
--a always,exit -F path=/usr/sbin/setsebool -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204538"><title>SRG-OS-000392-GPOS-00172</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204538r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030580</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the chcon command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204538"><title>SRG-OS-000392-GPOS-00172</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204538r833115_rule" weight="10.0" severity="medium"><version>RHEL-07-030580</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the chcon command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPOS-00209</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72139</ident><ident system="http://cyber.mil/legacy">SV-86763</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4662r462619_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chcon" command occur.
+Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPOS-00209</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72139</ident><ident system="http://cyber.mil/legacy">SV-86763</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4662r833114_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chcon" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/chcon -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4662r462619_fix" /><check system="C-4662r462618_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "chcon" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4662r833114_fix" /><check system="C-4662r833113_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "chcon" command occur.
Check the file system rule in "/etc/audit/audit.rules" with the following command:
-# grep -i /usr/bin/chcon /etc/audit/audit.rules
+$ sudo grep -w "/usr/bin/chcon" /etc/audit/audit.rules
--a always,exit -F path=/usr/bin/chcon -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204539"><title>SRG-OS-000392-GPOS-00172</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204539r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030590</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the setfiles command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204539"><title>SRG-OS-000392-GPOS-00172</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204539r833118_rule" weight="10.0" severity="medium"><version>RHEL-07-030590</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the setfiles command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPOS-00209</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72141</ident><ident system="http://cyber.mil/legacy">SV-86765</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4663r462622_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "setfiles" command occur.
+Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPOS-00209</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72141</ident><ident system="http://cyber.mil/legacy">SV-86765</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4663r833117_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "setfiles" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/setfiles -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4663r462622_fix" /><check system="C-4663r462621_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "setfiles" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4663r833117_fix" /><check system="C-4663r833116_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "setfiles" command occur.
Check the file system rule in "/etc/audit/audit.rules" with the following command:
-# grep -iw /usr/sbin/setfiles /etc/audit/audit.rules
+$ sudo grep -w "/usr/sbin/setfiles" /etc/audit/audit.rules
--a always,exit -F path=/usr/sbin/setfiles -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204540"><title>SRG-OS-000392-GPOS-00172</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204540r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030610</version><title>The Red Hat Enterprise Linux operating system must generate audit records for all unsuccessful account access events.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
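Review bot: The updated check text for RHEL-07-030560, -030570, -030580 and -030590 still ends with "If the command does not return any output, this is a finding". A host that keeps the V3R7 rule without `-F perm=x` therefore still returns a line from `grep -w "/usr/sbin/semanage" /etc/audit/audit.rules` and passes the manual check, although the fix text now requires `perm=x`. Since this file is DISA's text, the gap is best closed in the project's own checks and remediations for these four rules, which should match the full expected line, e.g. `-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change`, rather than the path alone. The diffstat lists only the two profiles and the two reference files, so those rules appear untouched by this commit and are worth confirming before the profiles advertise V3R8. Note also that the fix text edits `/etc/audit/rules.d/audit.rules` while the check reads `/etc/audit/audit.rules`, so the check reflects the change only after the audit daemon restart the fix text mentions.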
@@ -2500,145 +2502,145 @@ Check the file system rules in "/etc/audit/audit.rules" with the following comma
-w /var/log/lastlog -p wa -k logins
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204542"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204542r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030630</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the passwd command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204542"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204542r833121_rule" weight="10.0" severity="medium"><version>RHEL-07-030630</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the passwd command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged password commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
-When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
+When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86773</ident><ident system="http://cyber.mil/legacy">V-72149</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4666r462625_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "passwd" command occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86773</ident><ident system="http://cyber.mil/legacy">V-72149</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4666r833120_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "passwd" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/passwd -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4666r462625_fix" /><check system="C-4666r462624_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "passwd" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4666r833120_fix" /><check system="C-4666r833119_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "passwd" command occur.
Check the file system rule in "/etc/audit/audit.rules" with the following command:
-# grep -i /usr/bin/passwd /etc/audit/audit.rules
+$ sudo grep -w "/usr/bin/passwd" /etc/audit/audit.rules
--a always,exit -F path=/usr/bin/passwd -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204543"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204543r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030640</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the unix_chkpwd command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204543"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204543r833124_rule" weight="10.0" severity="medium"><version>RHEL-07-030640</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the unix_chkpwd command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged password commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86775</ident><ident system="http://cyber.mil/legacy">V-72151</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4667r462628_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "unix_chkpwd" command occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86775</ident><ident system="http://cyber.mil/legacy">V-72151</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4667r833123_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "unix_chkpwd" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/unix_chkpwd -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4667r462628_fix" /><check system="C-4667r462627_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "unix_chkpwd" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4667r833123_fix" /><check system="C-4667r833122_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "unix_chkpwd" command occur.
Check the file system rule in "/etc/audit/audit.rules" with the following command:
-# grep -iw /usr/sbin/unix_chkpwd /etc/audit/audit.rules
+$ sudo grep -w "/usr/sbin/unix_chkpwd" /etc/audit/audit.rules
--a always,exit -F path=/usr/sbin/unix_chkpwd -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204544"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204544r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030650</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the gpasswd command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204544"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204544r833127_rule" weight="10.0" severity="medium"><version>RHEL-07-030650</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the gpasswd command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged password commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86777</ident><ident system="http://cyber.mil/legacy">V-72153</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4668r462631_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "gpasswd" command occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86777</ident><ident system="http://cyber.mil/legacy">V-72153</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4668r833126_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "gpasswd" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/gpasswd -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
-The audit daemon must be restarted for the changes to take effect. </fixtext><fix id="F-4668r462631_fix" /><check system="C-4668r462630_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "gpasswd" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4668r833126_fix" /><check system="C-4668r833125_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "gpasswd" command occur.
Check the file system rule in "/etc/audit/audit.rules" with the following command:
-# grep -i /usr/bin/gpasswd /etc/audit/audit.rules
+$ sudo grep -w "/usr/bin/gpasswd" /etc/audit/audit.rules
--a always,exit -F path=/usr/bin/gpasswd -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204545"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204545r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030660</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the chage command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204545"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204545r833130_rule" weight="10.0" severity="medium"><version>RHEL-07-030660</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the chage command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged password commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86779</ident><ident system="http://cyber.mil/legacy">V-72155</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4669r462634_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chage" command occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86779</ident><ident system="http://cyber.mil/legacy">V-72155</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4669r833129_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chage" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/chage -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4669r462634_fix" /><check system="C-4669r462633_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "chage" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4669r833129_fix" /><check system="C-4669r833128_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "chage" command occur.
Check the file system rule in "/etc/audit/audit.rules" with the following command:
-# grep -i /usr/bin/chage /etc/audit/audit.rules
+$ sudo grep -w "/usr/bin/chage" /etc/audit/audit.rules
--a always,exit -F path=/usr/bin/chage -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204546"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204546r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030670</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the userhelper command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204546"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204546r833133_rule" weight="10.0" severity="medium"><version>RHEL-07-030670</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the userhelper command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged password commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86781</ident><ident system="http://cyber.mil/legacy">V-72157</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4670r462637_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "userhelper" command occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86781</ident><ident system="http://cyber.mil/legacy">V-72157</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4670r833132_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "userhelper" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/userhelper -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4670r462637_fix" /><check system="C-4670r462636_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "userhelper" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4670r833132_fix" /><check system="C-4670r833131_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "userhelper" command occur.
Check the file system rule in "/etc/audit/audit.rules" with the following command:
-# grep -i /usr/sbin/userhelper /etc/audit/audit.rules
+$ sudo grep -w "/usr/sbin/userhelper" /etc/audit/audit.rules
--a always,exit -F path=/usr/sbin/userhelper -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204547"><title>SRG-OS-000037-GPOS-00015</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204547r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030680</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the su command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204547"><title>SRG-OS-000037-GPOS-00015</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204547r833136_rule" weight="10.0" severity="medium"><version>RHEL-07-030680</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the su command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged access commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000462-GPOS-00206, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86783</ident><ident system="http://cyber.mil/legacy">V-72159</ident><ident system="http://cyber.mil/cci">CCI-000130</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4671r462640_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "su" command occur.
+Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000462-GPOS-00206, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86783</ident><ident system="http://cyber.mil/legacy">V-72159</ident><ident system="http://cyber.mil/cci">CCI-000130</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4671r833135_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "su" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/su -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4671r462640_fix" /><check system="C-4671r462639_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "su" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4671r833135_fix" /><check system="C-4671r833134_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "su" command occur.
Check that the following system call is being audited by performing the following command to check the file system rules in "/etc/audit/audit.rules":
-# grep -iw /usr/bin/su /etc/audit/audit.rules
+$ sudo grep -w "/usr/bin/su" /etc/audit/audit.rules
--a always,exit -F path=/usr/bin/su -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204548"><title>SRG-OS-000037-GPOS-00015</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204548r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030690</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the sudo command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204548"><title>SRG-OS-000037-GPOS-00015</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204548r833139_rule" weight="10.0" severity="medium"><version>RHEL-07-030690</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the sudo command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged access commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000462-GPOS-00206, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72161</ident><ident system="http://cyber.mil/legacy">SV-86785</ident><ident system="http://cyber.mil/cci">CCI-000130</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4672r462643_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "sudo" command occur.
+Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000462-GPOS-00206, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72161</ident><ident system="http://cyber.mil/legacy">SV-86785</ident><ident system="http://cyber.mil/cci">CCI-000130</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4672r833138_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "sudo" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4672r462643_fix" /><check system="C-4672r462642_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "sudo" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4672r833138_fix" /><check system="C-4672r833137_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "sudo" command occur.
Check that the following system call is being audited by performing the following command to check the file system rules in "/etc/audit/audit.rules":
-# grep -iw /usr/bin/sudo /etc/audit/audit.rules
+$ sudo grep -w "/usr/bin/sudo" /etc/audit/audit.rules
--a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204549"><title>SRG-OS-000037-GPOS-00015</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204549r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030700</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -2664,255 +2666,255 @@ Check for modification of the following files being audited by performing the fo
-w /etc/sudoers.d/ -p wa -k privileged-actions
-If the commands do not return output that match the examples, this is a finding.</check-content></check></Rule></Group><Group id="V-204550"><title>SRG-OS-000037-GPOS-00015</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204550r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030710</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the newgrp command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the commands do not return output that match the examples, this is a finding.</check-content></check></Rule></Group><Group id="V-204550"><title>SRG-OS-000037-GPOS-00015</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204550r833142_rule" weight="10.0" severity="medium"><version>RHEL-07-030710</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the newgrp command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged access commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000462-GPOS-00206, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72165</ident><ident system="http://cyber.mil/legacy">SV-86789</ident><ident system="http://cyber.mil/cci">CCI-000130</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4674r462646_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "newgrp" command occur.
+Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000462-GPOS-00206, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72165</ident><ident system="http://cyber.mil/legacy">SV-86789</ident><ident system="http://cyber.mil/cci">CCI-000130</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4674r833141_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "newgrp" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4674r462646_fix" /><check system="C-4674r462645_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "newgrp" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4674r833141_fix" /><check system="C-4674r833140_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "newgrp" command occur.
Check that the following system call is being audited by performing the following command to check the file system rules in "/etc/audit/audit.rules":
-# grep -i /usr/bin/newgrp /etc/audit/audit.rules
+$ sudo grep -w "/usr/bin/newgrp" /etc/audit/audit.rules
--a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204551"><title>SRG-OS-000037-GPOS-00015</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204551r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030720</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the chsh command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204551"><title>SRG-OS-000037-GPOS-00015</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204551r833145_rule" weight="10.0" severity="medium"><version>RHEL-07-030720</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the chsh command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged access commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000462-GPOS-00206, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86791</ident><ident system="http://cyber.mil/legacy">V-72167</ident><ident system="http://cyber.mil/cci">CCI-000130</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4675r462649_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chsh" command occur.
+Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000462-GPOS-00206, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86791</ident><ident system="http://cyber.mil/legacy">V-72167</ident><ident system="http://cyber.mil/cci">CCI-000130</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4675r833144_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chsh" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/chsh -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4675r462649_fix" /><check system="C-4675r462648_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "chsh" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4675r833144_fix" /><check system="C-4675r833143_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "chsh" command occur.
Check that the following system call is being audited by performing the following command to check the file system rules in "/etc/audit/audit.rules":
-# grep -i /usr/bin/chsh /etc/audit/audit.rules
+$ sudo grep -w "/usr/bin/chsh" /etc/audit/audit.rules
--a always,exit -F path=/usr/bin/chsh -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204552"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204552r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030740</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the mount command and syscall.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204552"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204552r833148_rule" weight="10.0" severity="medium"><version>RHEL-07-030740</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the mount command and syscall.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged mount commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72171</ident><ident system="http://cyber.mil/legacy">SV-86795</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4676r462652_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "mount" command and syscall occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72171</ident><ident system="http://cyber.mil/legacy">SV-86795</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4676r833147_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "mount" command and syscall occur.
Add or update the following rules in "/etc/audit/rules.d/audit.rules":
-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount
-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount
--a always,exit -F path=/usr/bin/mount -F auid>=1000 -F auid!=unset -k privileged-mount
+-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4676r462652_fix" /><check system="C-4676r462651_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "mount" command and syscall occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4676r833147_fix" /><check system="C-4676r833146_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "mount" command and syscall occur.
Check that the following system call is being audited by performing the following series of commands to check the file system rules in "/etc/audit/audit.rules":
-# grep -iw "mount" /etc/audit/audit.rules
+$ sudo grep -w "mount" /etc/audit/audit.rules
-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount
-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount
--a always,exit -F path=/usr/bin/mount -F auid>=1000 -F auid!=unset -k privileged-mount
+-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount
If both the "b32" and "b64" audit rules are not defined for the "mount" syscall, this is a finding.
-If all uses of the "mount" command are not being audited, this is a finding.</check-content></check></Rule></Group><Group id="V-204553"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204553r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030750</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the umount command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If all uses of the "mount" command are not being audited, this is a finding.</check-content></check></Rule></Group><Group id="V-204553"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204553r833151_rule" weight="10.0" severity="medium"><version>RHEL-07-030750</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the umount command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged mount commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72173</ident><ident system="http://cyber.mil/legacy">SV-86797</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4677r462655_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "umount" command occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72173</ident><ident system="http://cyber.mil/legacy">SV-86797</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4677r833150_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "umount" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/umount -F auid>=1000 -F auid!=unset -k privileged-mount
+-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4677r462655_fix" /><check system="C-4677r462654_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "umount" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4677r833150_fix" /><check system="C-4677r833149_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "umount" command occur.
Check that the following system call is being audited by performing the following series of commands to check the file system rules in "/etc/audit/audit.rules":
-# grep -iw "/usr/bin/umount" /etc/audit/audit.rules
+$ sudo grep -w "/usr/bin/umount" /etc/audit/audit.rules
--a always,exit -F path=/usr/bin/umount -F auid>=1000 -F auid!=unset -k privileged-mount
+-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204554"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204554r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030760</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the postdrop command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204554"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204554r833154_rule" weight="10.0" severity="medium"><version>RHEL-07-030760</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the postdrop command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged postfix commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72175</ident><ident system="http://cyber.mil/legacy">SV-86799</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4678r462658_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "postdrop" command occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72175</ident><ident system="http://cyber.mil/legacy">SV-86799</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4678r833153_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "postdrop" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/postdrop -F auid>=1000 -F auid!=unset -k privileged-postfix
+-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-postfix
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4678r462658_fix" /><check system="C-4678r462657_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "postdrop" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4678r833153_fix" /><check system="C-4678r833152_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "postdrop" command occur.
Check that the following system call is being audited by performing the following command to check the file system rules in "/etc/audit/audit.rules":
-# grep -iw /usr/sbin/postdrop /etc/audit/audit.rules
+$ sudo grep -w "/usr/sbin/postdrop" /etc/audit/audit.rules
--a always,exit -F path=/usr/sbin/postdrop -F auid>=1000 -F auid!=unset -k privileged-postfix
+-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-postfix
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204555"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204555r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030770</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the postqueue command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204555"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204555r833157_rule" weight="10.0" severity="medium"><version>RHEL-07-030770</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the postqueue command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged postfix commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86801</ident><ident system="http://cyber.mil/legacy">V-72177</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4679r462661_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "postqueue" command occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86801</ident><ident system="http://cyber.mil/legacy">V-72177</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4679r833156_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "postqueue" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/postqueue -F auid>=1000 -F auid!=unset -k privileged-postfix
+-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-postfix
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4679r462661_fix" /><check system="C-4679r462660_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "postqueue" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4679r833156_fix" /><check system="C-4679r833155_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "postqueue" command occur.
Check that the following system call is being audited by performing the following command to check the file system rules in "/etc/audit/audit.rules":
-# grep -iw /usr/sbin/postqueue /etc/audit/audit.rules
+$ sudo grep -w "/usr/sbin/postqueue" /etc/audit/audit.rules
--a always,exit -F path=/usr/sbin/postqueue -F auid>=1000 -F auid!=unset -k privileged-postfix
+-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-postfix
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204556"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204556r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030780</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the ssh-keysign command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204556"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204556r833160_rule" weight="10.0" severity="medium"><version>RHEL-07-030780</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the ssh-keysign command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged ssh commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86803</ident><ident system="http://cyber.mil/legacy">V-72179</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4680r462664_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "ssh-keysign" command occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86803</ident><ident system="http://cyber.mil/legacy">V-72179</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4680r833159_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "ssh-keysign" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid>=1000 -F auid!=unset -k privileged-ssh
+-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4680r462664_fix" /><check system="C-4680r462663_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "ssh-keysign" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4680r833159_fix" /><check system="C-4680r833158_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "ssh-keysign" command occur.
Check that the following system call is being audited by performing the following command to check the file system rules in "/etc/audit/audit.rules":
-# grep -iw /usr/libexec/openssh/ssh-keysign /etc/audit/audit.rules
+$ sudo grep -w "/usr/libexec/openssh/ssh-keysign" /etc/audit/audit.rules
--a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid>=1000 -F auid!=unset -k privileged-ssh
+-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204557"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204557r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030800</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the crontab command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204557"><title>SRG-OS-000042-GPOS-00020</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204557r833163_rule" weight="10.0" severity="medium"><version>RHEL-07-030800</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the crontab command.</title><description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
-Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86807</ident><ident system="http://cyber.mil/legacy">V-72183</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4681r462667_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "crontab" command occur.
+Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86807</ident><ident system="http://cyber.mil/legacy">V-72183</ident><ident system="http://cyber.mil/cci">CCI-000135</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-002884</ident><fixtext fixref="F-4681r833162_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "crontab" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/crontab -F auid>=1000 -F auid!=unset -k privileged-cron
+-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-cron
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4681r462667_fix" /><check system="C-4681r462666_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "crontab" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4681r833162_fix" /><check system="C-4681r833161_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "crontab" command occur.
Check that the following system call is being audited by performing the following command to check the file system rules in "/etc/audit/audit.rules":
-# grep -iw /usr/bin/crontab /etc/audit/audit.rules
+$ sudo grep -w "/usr/bin/crontab" /etc/audit/audit.rules
--a always,exit -F path=/usr/bin/crontab -F auid>=1000 -F auid!=unset -k privileged-cron
+-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-cron
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204558"><title>SRG-OS-000471-GPOS-00215</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204558r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030810</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the pam_timestamp_check command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204558"><title>SRG-OS-000471-GPOS-00215</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204558r833166_rule" weight="10.0" severity="medium"><version>RHEL-07-030810</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the pam_timestamp_check command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72185</ident><ident system="http://cyber.mil/legacy">SV-86809</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><fixtext fixref="F-4682r462670_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "pam_timestamp_check" command occur.
+When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72185</ident><ident system="http://cyber.mil/legacy">SV-86809</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><fixtext fixref="F-4682r833165_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "pam_timestamp_check" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid>=1000 -F auid!=unset -k privileged-pam
+-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4682r462670_fix" /><check system="C-4682r462669_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "pam_timestamp_check" command occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4682r833165_fix" /><check system="C-4682r833164_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "pam_timestamp_check" command occur.
Check the auditing rules in "/etc/audit/audit.rules" with the following command:
-# grep -iw "/usr/sbin/pam_timestamp_check" /etc/audit/audit.rules
+$ sudo grep -w "/usr/sbin/pam_timestamp_check" /etc/audit/audit.rules
--a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid>=1000 -F auid!=unset -k privileged-pam
+-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam
-If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204559"><title>SRG-OS-000471-GPOS-00216</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204559r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030819</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the create_module syscall.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output, this is a finding.</check-content></check></Rule></Group><Group id="V-204559"><title>SRG-OS-000471-GPOS-00216</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204559r833169_rule" weight="10.0" severity="medium"><version>RHEL-07-030819</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the create_module syscall.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
-Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-78999</ident><ident system="http://cyber.mil/legacy">SV-93705</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><fixtext fixref="F-4683r88870_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "create_module" syscall occur.
+Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-78999</ident><ident system="http://cyber.mil/legacy">SV-93705</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><fixtext fixref="F-4683r833168_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "create_module" syscall occur.
Add or update the following rules in "/etc/audit/rules.d/audit.rules":
--a always,exit -F arch=b32 -S create_module -k module-change
+-a always,exit -F arch=b32 -S create_module -F auid>=1000 -F auid!=unset -k module-change
--a always,exit -F arch=b64 -S create_module -k module-change
+-a always,exit -F arch=b64 -S create_module -F auid>=1000 -F auid!=unset -k module-change
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4683r88870_fix" /><check system="C-4683r88869_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "create_module" syscall occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4683r833168_fix" /><check system="C-4683r833167_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "create_module" syscall occur.
Check the auditing rules in "/etc/audit/audit.rules" with the following command:
-# grep -iw create_module /etc/audit/audit.rules
+$ sudo grep -w "create_module" /etc/audit/audit.rules
--a always,exit -F arch=b32 -S create_module -k module-change
+-a always,exit -F arch=b32 -S create_module -F auid>=1000 -F auid!=unset -k module-change
--a always,exit -F arch=b64 -S create_module -k module-change
+-a always,exit -F arch=b64 -S create_module -F auid>=1000 -F auid!=unset -k module-change
-If both the "b32" and "b64" audit rules are not defined for the "create_module" syscall, this is a finding.</check-content></check></Rule></Group><Group id="V-204560"><title>SRG-OS-000471-GPOS-00216</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204560r809822_rule" weight="10.0" severity="medium"><version>RHEL-07-030820</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the init_module and finit_module syscalls.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-
-Audit records can be generated from various components within the information system (e.g., module or policy filter).
-
-The system call rules are loaded into a matching engine that intercepts each syscall made by all programs on the system. Therefore, it is very important to use syscall rules only when absolutely necessary since these affect performance. The more rules, the bigger the performance hit. The performance can be helped, however, by combining syscalls into one rule whenever possible.
-
-Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72187</ident><ident system="http://cyber.mil/legacy">SV-86811</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><fixtext fixref="F-4684r809821_fix">Configure the operating system to generate audit records upon successful/unsuccessful attempts to use the "init_module" and "finit_module" syscalls.
-
-Add or update the following rules in "/etc/audit/rules.d/audit.rules":
-
--a always,exit -F arch=b32 -S init_module,finit_module -k modulechange
-
--a always,exit -F arch=b64 -S init_module,finit_module -k modulechange
-
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4684r809821_fix" /><check system="C-4684r809816_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records upon successful/unsuccessful attempts to use the "init_module" and "finit_module" syscalls.
-
-Check the auditing rules in "/etc/audit/audit.rules" with the following command:
-
-# grep init_module /etc/audit/audit.rules
-
--a always,exit -F arch=b32 -S init_module,finit_module -k modulechange
-
--a always,exit -F arch=b64 -S init_module,finit_module -k modulechange
-
-If both the "b32" and "b64" audit rules are not defined for the "init_module" and "finit_module" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-204562"><title>SRG-OS-000471-GPOS-00216</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204562r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030830</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the delete_module syscall.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If both the "b32" and "b64" audit rules are not defined for the "create_module" syscall, this is a finding.</check-content></check></Rule></Group><Group id="V-204560"><title>SRG-OS-000471-GPOS-00216</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204560r833172_rule" weight="10.0" severity="medium"><version>RHEL-07-030820</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the init_module and finit_module syscalls.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
-Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72189</ident><ident system="http://cyber.mil/legacy">SV-86813</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><fixtext fixref="F-4686r88879_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "delete_module" syscall occur.
+The system call rules are loaded into a matching engine that intercepts each syscall made by all programs on the system. Therefore, it is very important to use syscall rules only when absolutely necessary since these affect performance. The more rules, the bigger the performance hit. The performance can be helped, however, by combining syscalls into one rule whenever possible.
+
+Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72187</ident><ident system="http://cyber.mil/legacy">SV-86811</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><fixtext fixref="F-4684r833171_fix">Configure the operating system to generate audit records upon successful/unsuccessful attempts to use the "init_module" and "finit_module" syscalls.
+
+Add or update the following rules in "/etc/audit/rules.d/audit.rules":
+
+-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k modulechange
+
+-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k modulechange
+
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4684r833171_fix" /><check system="C-4684r833170_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records upon successful/unsuccessful attempts to use the "init_module" and "finit_module" syscalls.
+
+Check the auditing rules in "/etc/audit/audit.rules" with the following command:
+
+$ sudo grep init_module /etc/audit/audit.rules
+
+-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k modulechange
+
+-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k modulechange
+
+If both the "b32" and "b64" audit rules are not defined for the "init_module" and "finit_module" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-204562"><title>SRG-OS-000471-GPOS-00216</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204562r833175_rule" weight="10.0" severity="medium"><version>RHEL-07-030830</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the delete_module syscall.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+
+Audit records can be generated from various components within the information system (e.g., module or policy filter).
+
+Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-72189</ident><ident system="http://cyber.mil/legacy">SV-86813</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><fixtext fixref="F-4686r833174_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "delete_module" syscall occur.
Add or update the following rules in "/etc/audit/rules.d/audit.rules":
--a always,exit -F arch=b32 -S delete_module -k module-change
+-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module-change
--a always,exit -F arch=b64 -S delete_module -k module-change
+-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module-change
-The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4686r88879_fix" /><check system="C-4686r88878_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "delete_module" syscall occur.
+The audit daemon must be restarted for the changes to take effect.</fixtext><fix id="F-4686r833174_fix" /><check system="C-4686r833173_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system generates audit records when successful/unsuccessful attempts to use the "delete_module" syscall occur.
Check the auditing rules in "/etc/audit/audit.rules" with the following command:
-# grep -iw delete_module /etc/audit/audit.rules
+$ sudo grep -w "delete_module" /etc/audit/audit.rules
--a always,exit -F arch=b32 -S delete_module -k module-change
+-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module-change
--a always,exit -F arch=b64 -S delete_module -k module-change
+-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module-change
If both the "b32" and "b64" audit rules are not defined for the "delete_module" syscall, this is a finding.</check-content></check></Rule></Group><Group id="V-204563"><title>SRG-OS-000471-GPOS-00216</title><description><GroupDescription></GroupDescription></description><Rule id="SV-204563r603261_rule" weight="10.0" severity="medium"><version>RHEL-07-030840</version><title>The Red Hat Enterprise Linux operating system must audit all uses of the kmod command.</title><description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -4408,23 +4410,22 @@ $ sudo grep -iw 'ALL' /etc/sudoers /etc/sudoers.d/*
If the either of the following entries are returned, this is a finding:
ALL ALL=(ALL) ALL
-ALL ALL=(ALL:ALL) ALL</check-content></check></Rule></Group><Group id="V-237634"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-237634r809213_rule" weight="10.0" severity="medium"><version>RHEL-07-010342</version><title>The Red Hat Enterprise Linux operating system must use the invoking user's password for privilege escalation when using "sudo".</title><description><VulnDiscussion>The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validates the invoking user's credentials. If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password.
+ALL ALL=(ALL:ALL) ALL</check-content></check></Rule></Group><Group id="V-237634"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-237634r833177_rule" weight="10.0" severity="medium"><version>RHEL-07-010342</version><title>The Red Hat Enterprise Linux operating system must use the invoking user's password for privilege escalation when using "sudo".</title><description><VulnDiscussion>The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validates the invoking user's credentials. If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password.
For more information on each of the listed configurations, reference the sudoers(5) manual page.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002227</ident><fixtext fixref="F-40816r646852_fix">Define the following in the Defaults section of the /etc/sudoers file or a configuration file in the /etc/sudoers.d/ directory:
Defaults !targetpw
Defaults !rootpw
-Defaults !runaspw</fixtext><fix id="F-40816r646852_fix" /><check system="C-40853r809212_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify that the sudoers security policy is configured to use the invoking user's password for privilege escalation.
+Defaults !runaspw</fixtext><fix id="F-40816r646852_fix" /><check system="C-40853r833176_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify that the sudoers security policy is configured to use the invoking user's password for privilege escalation.
-$ sudo egrep -i '(!rootpw|!targetpw|!runaspw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#'
+$ sudo egrep -ir '(rootpw|targetpw|runaspw)' /etc/sudoers /etc/sudoers.d* | grep -v '#'
/etc/sudoers:Defaults !targetpw
/etc/sudoers:Defaults !rootpw
/etc/sudoers:Defaults !runaspw
-If no results are returned, this is a finding.
-If results are returned from more than one file location, this is a finding.
+If conflicting results are returned, this is a finding.
If "Defaults !targetpw" is not defined, this is a finding.
If "Defaults !rootpw" is not defined, this is a finding.
-If "Defaults !runaspw" is not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-237635"><title>SRG-OS-000373-GPOS-00156</title><description><GroupDescription></GroupDescription></description><Rule id="SV-237635r809215_rule" weight="10.0" severity="medium"><version>RHEL-07-010343</version><title>The Red Hat Enterprise Linux operating system must require re-authentication when using the "sudo" command.</title><description><VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
+If "Defaults !runaspw" is not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-237635"><title>SRG-OS-000373-GPOS-00156</title><description><GroupDescription></GroupDescription></description><Rule id="SV-237635r833179_rule" weight="10.0" severity="medium"><version>RHEL-07-010343</version><title>The Red Hat Enterprise Linux operating system must require re-authentication when using the "sudo" command.</title><description><VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
When operating systems provide the capability to escalate a functional capability, it is critical the organization requires the user to re-authenticate when using the "sudo" command.
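Review bot: The new RHEL-07-010342 check still pipes through `grep -v '#'`, which drops every line containing a `#`, so an active `Defaults rootpw` with a trailing comment would be hidden and the host could pass while prompting for the root password. The path `/etc/sudoers.d*` is a glob, unlike the plain `/etc/sudoers.d` used by the timestamp_timeout check in the next hunk and the sysadm_r check in the @@ -4521 hunk, so it can match sibling paths that sudo never reads. All three recursive greps also read files that sudoers(5) says `#includedir` skips (names ending in `~` or containing `.`), which can yield "conflicting results" that are not in effect. As this file mirrors DISA's published text, I would leave the wording alone and carry the caveat in the project's own check, filtering comments with something like `grep -v ':[[:space:]]*#'` and searching `/etc/sudoers.d` without the glob.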
@@ -4434,21 +4435,25 @@ $ sudo visudo
Add or modify the following line:
Defaults timestamp_timeout=[value]
-Note: The "[value]" must be a number that is greater than or equal to "0".</fixtext><fix id="F-40817r646855_fix" /><check system="C-40854r809214_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.
+Note: The "[value]" must be a number that is greater than or equal to "0".</fixtext><fix id="F-40817r646855_fix" /><check system="C-40854r833178_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.
-$ sudo grep -i 'timestamp_timeout' /etc/sudoers /etc/sudoers.d/*
+$ sudo grep -ir 'timestamp_timeout' /etc/sudoers /etc/sudoers.d
/etc/sudoers:Defaults timestamp_timeout=0
-If results are returned from more than one file location, this is a finding.
+If conflicting results are returned, this is a finding.
-If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-244557"><title>SRG-OS-000080-GPOS-00048</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244557r792838_rule" weight="10.0" severity="medium"><version>RHEL-07-010483</version><title>Red Hat Enterprise Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes.</title><description><VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
-The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47789r744062_fix">Configure the system to have a unique name for the grub superusers account.
+If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-244557"><title>SRG-OS-000080-GPOS-00048</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244557r833185_rule" weight="10.0" severity="medium"><version>RHEL-07-010483</version><title>Red Hat Enterprise Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes.</title><description><VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
+The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47789r833184_fix">Configure the system to have a unique name for the grub superusers account.
-Edit the /boot/grub2/grub.cfg file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section:
+Edit the /etc/grub.d/01_users file and add or modify the following lines:
set superusers="[someuniquestringhere]"
export superusers
-password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}</fixtext><fix id="F-47789r744062_fix" /><check system="C-47832r792837_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>For systems that use UEFI, this is Not Applicable.
+password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
+
+Generate a new grub.cfg file with the following command:
+
+$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg</fixtext><fix id="F-47789r833184_fix" /><check system="C-47832r792837_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>For systems that use UEFI, this is Not Applicable.
For systems that are running a version of RHEL prior to 7.2, this is Not Applicable.
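Review bot: The RHEL-07-010483 fix now edits `/etc/grub.d/01_users` and regenerates `/boot/grub2/grub.cfg`, so a host remediated under the V3R7 wording (superusers set directly in grub.cfg) will lose its unique superuser name the next time `grub2-mkconfig` runs, unless 01_users was changed as well. The same applies to RHEL-07-010492 in the following hunk, which regenerates `/boot/efi/EFI/redhat/grub.cfg`. The check id `C-47832r792837_chk` is unchanged here, so the check text was presumably not revised alongside the fix. The diffstat lists only the two profiles and the two reference files, so it is worth confirming that the project's remediation for these two rules is updated elsewhere in the series to write 01_users rather than grub.cfg.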
@@ -4458,14 +4463,18 @@ Verify that a unique name is set as the "superusers" account:
set superusers="[someuniquestringhere]"
export superusers
-If "superusers" is identical to any OS account name or is missing a name, this is a finding.</check-content></check></Rule></Group><Group id="V-244558"><title>SRG-OS-000080-GPOS-00048</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244558r792840_rule" weight="10.0" severity="medium"><version>RHEL-07-010492</version><title>Red Hat Enterprise Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance.</title><description><VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
-The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47790r744065_fix">Configure the system to have a unique name for the grub superusers account.
+If "superusers" is identical to any OS account name or is missing a name, this is a finding.</check-content></check></Rule></Group><Group id="V-244558"><title>SRG-OS-000080-GPOS-00048</title><description><GroupDescription></GroupDescription></description><Rule id="SV-244558r833187_rule" weight="10.0" severity="medium"><version>RHEL-07-010492</version><title>Red Hat Enterprise Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance.</title><description><VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
+The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47790r833186_fix">Configure the system to have a unique name for the grub superusers account.
-Edit the /boot/efi/EFI/redhat/grub.cfg file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section:
+Edit the /etc/grub.d/01_users file and add or modify the following lines:
set superusers="[someuniquestringhere]"
export superusers
-password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}</fixtext><fix id="F-47790r744065_fix" /><check system="C-47833r792839_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
+password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
+
+Generate a new grub.cfg file with the following command:
+
+$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</fixtext><fix id="F-47790r833186_fix" /><check system="C-47833r792839_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
For systems that are running a version of RHEL prior to 7.2, this is Not Applicable.
@@ -4521,22 +4530,20 @@ Check the SELinux ssh_sysadm_login boolean with the following command:
$ sudo getsebool ssh_sysadm_login
ssh_sysadm_login --> off
-If the "ssh_sysadm_login" boolean is not "off" and is not documented with the ISSO as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-250314"><title>SRG-OS-000324-GPOS-00125</title><description><GroupDescription></GroupDescription></description><Rule id="SV-250314r809217_rule" weight="10.0" severity="medium"><version>RHEL-07-020023</version><title>The Red Hat Enterprise Linux operating system must elevate the SELinux context when an administrator calls the sudo command.</title><description><VulnDiscussion>Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.
+If the "ssh_sysadm_login" boolean is not "off" and is not documented with the ISSO as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-250314"><title>SRG-OS-000324-GPOS-00125</title><description><GroupDescription></GroupDescription></description><Rule id="SV-250314r833181_rule" weight="10.0" severity="medium"><version>RHEL-07-020023</version><title>The Red Hat Enterprise Linux operating system must elevate the SELinux context when an administrator calls the sudo command.</title><description><VulnDiscussion>Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.
Privileged functions include, for example, establishing accounts, performing system integrity checks, or administering cryptographic key management activities. Non-privileged users are individuals who do not possess appropriate authorizations. Circumventing intrusion detection and prevention mechanisms or malicious code protection mechanisms are examples of privileged functions that require protection from non-privileged users.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-53702r792848_fix">Configure the operating system to elevate the SELinux context when an administrator calls the sudo command.
Edit a file in the /etc/sudoers.d directory with the following command:
$ sudo visudo -f /etc/sudoers.d/<customfile>
Use the following example to build the <customfile> in the /etc/sudoers.d directory to allow any administrator belonging to a designated sudoers admin group to elevate their SELinux context with the use of the sudo command:
-%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL</fixtext><fix id="F-53702r792848_fix" /><check system="C-53748r809216_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Note: Per OPORD 16-0080, the preferred endpoint security tool is Endpoint Security for Linux (ENSL) in conjunction with SELinux.
-
-Verify the operating system elevates the SELinux context when an administrator calls the sudo command with the following command:
+%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL</fixtext><fix id="F-53702r792848_fix" /><check system="C-53748r833180_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system elevates the SELinux context when an administrator calls the sudo command with the following command:
This command must be ran as root:
-# grep sysadm_r /etc/sudoers /etc/sudoers.d/*
+# grep -r sysadm_r /etc/sudoers /etc/sudoers.d
%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL
-If results are returned from more than one file location, this is a finding.
+If conflicting results are returned, this is a finding.
If a designated sudoers administrator group or account(s) is not configured to elevate the SELinux type and role to "sysadm_t" and "sysadm_r" with the use of the sudo command, this is a finding.</check-content></check></Rule></Group><Group id="V-251702"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-251702r809220_rule" weight="10.0" severity="high"><version>RHEL-07-010291</version><title>The Red Hat Enterprise Linux operating system must not have accounts configured with blank or null passwords.</title><description><VulnDiscussion>If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-55093r809219_fix">Configure all accounts on the system to have a password or lock the account with the following commands:
@@ -4547,8 +4554,8 @@ $ sudo passwd -l [username]</fixtext><fix id="F-55093r809219_fix" /><check syste
$ sudo awk -F: '!$2 {print $1}' /etc/shadow
-If the command returns any results, this is a finding.</check-content></check></Rule></Group><Group id="V-251703"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-251703r809566_rule" weight="10.0" severity="medium"><version>RHEL-07-010339</version><title>The Red Hat Enterprise Linux operating system must specify the default "include" directory for the /etc/sudoers file.</title><description><VulnDiscussion>The "sudo" command allows authorized users to run programs (including shells) as other users, system users, and root. The "/etc/sudoers" file is used to configure authorized "sudo" users as well as the programs they are allowed to run. Some configuration options in the "/etc/sudoers" file allow configured users to run programs without re-authenticating. Use of these configuration options makes it easier for one compromised account to be used to compromise other accounts.
-
+If the command returns any results, this is a finding.</check-content></check></Rule></Group><Group id="V-251703"><title>SRG-OS-000480-GPOS-00227</title><description><GroupDescription></GroupDescription></description><Rule id="SV-251703r833183_rule" weight="10.0" severity="medium"><version>RHEL-07-010339</version><title>The Red Hat Enterprise Linux operating system must specify the default "include" directory for the /etc/sudoers file.</title><description><VulnDiscussion>The "sudo" command allows authorized users to run programs (including shells) as other users, system users, and root. The "/etc/sudoers" file is used to configure authorized "sudo" users as well as the programs they are allowed to run. Some configuration options in the "/etc/sudoers" file allow configured users to run programs without re-authenticating. Use of these configuration options makes it easier for one compromised account to be used to compromise other accounts.
+
It is possible to include other sudoers files from within the sudoers file currently being parsed using the #include and #includedir directives. When sudo reaches this line it will suspend processing of the current file (/etc/sudoers) and switch to the specified file/directory. Once the end of the included file(s) is reached, the rest of /etc/sudoers will be processed. Files that are included may themselves include other files. A hard limit of 128 nested include files is enforced to prevent include file loops.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-55094r809222_fix">Configure the /etc/sudoers file to only include the /etc/sudoers.d directory.
Edit the /etc/sudoers file with the following command:
@@ -4556,7 +4563,9 @@ Edit the /etc/sudoers file with the following command:
$ sudo visudo
Add or modify the following line:
-#includedir /etc/sudoers.d</fixtext><fix id="F-55094r809222_fix" /><check system="C-55140r809221_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the operating system specifies only the default "include" directory for the /etc/sudoers file with the following command:
+#includedir /etc/sudoers.d</fixtext><fix id="F-55094r809222_fix" /><check system="C-55140r833182_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Note: If the "include" and "includedir" directives are not present in the /etc/sudoers file, this requirement is not applicable.
+
+Verify the operating system specifies only the default "include" directory for the /etc/sudoers file with the following command:
$ sudo grep include /etc/sudoers
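Review bot: The applicability note added here for RHEL-07-010339 changes the rule's outcome, yet the patch's diffstat lists only the two profiles and the two reference files, so the project's own check for this rule is not updated alongside it. V3R8 makes the requirement not applicable when /etc/sudoers carries no "include" or "includedir" directive, and the next hunk switches the nested-include check to `grep -r include /etc/sudoers.d`, so subdirectories now count. With the profiles bumped to `version: V3R8`, the automated check mapped to RHEL-07-010339 should be confirmed to accept a sudoers file without include directives and to scan /etc/sudoers.d recursively. If it does not, the gap should be tracked before the profile claims V3R8 alignment. The Rule element this text belongs to starts before the hunk.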
@@ -4566,7 +4575,7 @@ If the results are not "/etc/sudoers.d" or additional files or directories are s
Verify the operating system does not have nested "include" files or directories within the /etc/sudoers.d directory with the following command:
-$ sudo grep include /etc/sudoers.d/*
+$ sudo grep -r include /etc/sudoers.d
If results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-251704"><title>SRG-OS-000373-GPOS-00156</title><description><GroupDescription></GroupDescription></description><Rule id="SV-251704r809568_rule" weight="10.0" severity="medium"><version>RHEL-07-010344</version><title>The Red Hat Enterprise Linux operating system must not be configured to bypass password requirements for privilege escalation.</title><description><VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
@@ -4583,17 +4592,17 @@ Check the configuration of the "/etc/pam.d/sudo" file with the following command
$ sudo grep pam_succeed_if /etc/pam.d/sudo
-If any occurrences of "pam_succeed_if" is returned from the command, this is a finding.</check-content></check></Rule></Group><Group id="V-251705"><title>SRG-OS-000445-GPOS-00199</title><description><GroupDescription></GroupDescription></description><Rule id="SV-251705r809229_rule" weight="10.0" severity="medium"><version>RHEL-07-020029</version><title>The Red Hat Enterprise Linux operating system must use a file integrity tool to verify correct operation of all security functions.</title><description><VulnDiscussion>Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
+If any occurrences of "pam_succeed_if" is returned from the command, this is a finding.</check-content></check></Rule></Group><Group id="V-251705"><title>SRG-OS-000445-GPOS-00199</title><description><GroupDescription></GroupDescription></description><Rule id="SV-251705r833192_rule" weight="10.0" severity="medium"><version>RHEL-07-020029</version><title>The Red Hat Enterprise Linux operating system must use a file integrity tool to verify correct operation of all security functions.</title><description><VulnDiscussion>Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
This requirement applies to the Red Hat Enterprise Linux operating system performing security function verification/testing and/or systems and environments that require this functionality.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002696</ident><fixtext fixref="F-55096r809228_fix">Install the AIDE package by running the following command:
-$ sudo yum install aide</fixtext><fix id="F-55096r809228_fix" /><check system="C-55142r809227_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify that Advanced Intrusion Detection Environment (AIDE) is installed and verifies the correct operation of all security functions.
+$ sudo yum install aide</fixtext><fix id="F-55096r809228_fix" /><check system="C-55142r833191_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify that Advanced Intrusion Detection Environment (AIDE) is installed and verifies the correct operation of all security functions.
Check that the AIDE package is installed with the following command:
$ sudo rpm -q aide
-aide-0.16-14.el8.x86_64
+aide-0.15.1-13.el7.x86_64
If AIDE is not installed, ask the System Administrator how file integrity checks are performed on the system.
diff --git a/shared/references/disa-stig-rhel7-v3r7-xccdf-scap.xml b/shared/references/disa-stig-rhel7-v3r8-xccdf-scap.xml
old mode 100644
new mode 100755
similarity index 97%
rename from shared/references/disa-stig-rhel7-v3r7-xccdf-scap.xml
rename to shared/references/disa-stig-rhel7-v3r8-xccdf-scap.xml
index c648ce6449..5372091716
--- a/shared/references/disa-stig-rhel7-v3r7-xccdf-scap.xml
+++ b/shared/references/disa-stig-rhel7-v3r8-xccdf-scap.xml
@@ -1,37 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
-<data-stream-collection xmlns="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_mil.disa.stig_collection_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark" schematron-version="1.2" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2 http://scap.nist.gov/schema/xccdf/1.2/xccdf_1.2.xsd http://cpe.mitre.org/dictionary/2.0 http://scap.nist.gov/schema/cpe/2.3/cpe-dictionary_2.3.xsd http://oval.mitre.org/XMLSchema/oval-common-5 http://oval.mitre.org/language/download/schema/version5.10.1/ovaldefinition/complete/oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 http://oval.mitre.org/language/download/schema/version5.10.1/ovaldefinition/complete/oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent http://oval.mitre.org/language/download/schema/version5.10.1/ovaldefinition/complete/independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux http://oval.mitre.org/language/download/schema/version5.10.1/ovaldefinition/complete/linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix http://oval.mitre.org/language/download/schema/version5.10.1/ovaldefinition/complete/unix-definitions-schema.xsd http://scap.nist.gov/schema/scap/source/1.2 http://scap.nist.gov/schema/scap/1.2/scap-source-data-stream_1.2.xsd">
- <data-stream id="scap_mil.disa.stig_datastream_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark" use-case="CONFIGURATION" scap-version="1.2" timestamp="2022-03-28T12:32:37">
+<data-stream-collection xmlns="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_mil.disa.stig_collection_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark" schematron-version="1.2" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2 http://scap.nist.gov/schema/xccdf/1.2/xccdf_1.2.xsd http://cpe.mitre.org/dictionary/2.0 http://scap.nist.gov/schema/cpe/2.3/cpe-dictionary_2.3.xsd http://oval.mitre.org/XMLSchema/oval-common-5 http://oval.mitre.org/language/download/schema/version5.10.1/ovaldefinition/complete/oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 http://oval.mitre.org/language/download/schema/version5.10.1/ovaldefinition/complete/oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent http://oval.mitre.org/language/download/schema/version5.10.1/ovaldefinition/complete/independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux http://oval.mitre.org/language/download/schema/version5.10.1/ovaldefinition/complete/linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix http://oval.mitre.org/language/download/schema/version5.10.1/ovaldefinition/complete/unix-definitions-schema.xsd http://scap.nist.gov/schema/scap/source/1.2 http://scap.nist.gov/schema/scap/1.2/scap-source-data-stream_1.2.xsd">
+ <data-stream id="scap_mil.disa.stig_datastream_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark" use-case="CONFIGURATION" scap-version="1.2" timestamp="2022-06-28T15:26:15">
<dictionaries>
- <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-cpe-dictionary.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-cpe-dictionary.xml">
+ <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-cpe-dictionary.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-cpe-dictionary.xml">
<cat:catalog xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog">
- <cat:uri name="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-cpe-oval.xml" uri="#scap_mil.disa.stig_cref_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-cpe-oval.xml" />
+ <cat:uri name="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-cpe-oval.xml" uri="#scap_mil.disa.stig_cref_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-cpe-oval.xml" />
</cat:catalog>
</component-ref>
</dictionaries>
<checklists>
- <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-xccdf.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-xccdf.xml">
+ <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-xccdf.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-xccdf.xml">
<cat:catalog xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog">
- <cat:uri name="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" uri="#scap_mil.disa.stig_cref_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <cat:uri name="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" uri="#scap_mil.disa.stig_cref_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</cat:catalog>
</component-ref>
</checklists>
<checks>
- <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
- <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-cpe-oval.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-cpe-oval.xml" />
+ <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <component-ref xmlns:xlink="http://www.w3.org/1999/xlink" id="scap_mil.disa.stig_cref_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-cpe-oval.xml" xlink:href="#scap_mil.disa.stig_comp_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-cpe-oval.xml" />
</checks>
</data-stream>
- <component id="scap_mil.disa.stig_comp_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-cpe-dictionary.xml" timestamp="2022-03-28T12:32:37">
+ <component id="scap_mil.disa.stig_comp_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-cpe-dictionary.xml" timestamp="2022-06-28T15:26:15">
<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0">
<cpe-item name="cpe:/o:redhat:enterprise_linux:7">
<title xml:lang="en-us">Red Hat Enterprise Linux 7</title>
<!-- the check references an OVAL file that contains an inventory definition -->
- <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-cpe-oval.xml">oval:mil.disa.stig.rhel7:def:1</check>
+ <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-cpe-oval.xml">oval:mil.disa.stig.rhel7:def:1</check>
</cpe-item>
</cpe-list>
</component>
- <component id="scap_mil.disa.stig_comp_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-xccdf.xml" timestamp="2022-03-28T12:32:37">
+ <component id="scap_mil.disa.stig_comp_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-xccdf.xml" timestamp="2022-06-28T15:26:15">
<xccdf:Benchmark xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xhtml="http://www.w3.org/1999/xhtml" id="xccdf_mil.disa.stig_benchmark_RHEL_7_STIG" xml:lang="en" style="SCAP_1.2">
- <xccdf:status date="2022-02-17">accepted</xccdf:status>
+ <xccdf:status date="2022-06-06">accepted</xccdf:status>
<xccdf:title>Red Hat Enterprise Linux 7 Security Technical Implementation Guide</xccdf:title>
<xccdf:description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</xccdf:description>
<xccdf:notice id="terms-of-use" xml:lang="en" />
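Review bot: The file header ahead of this hunk records `old mode 100644` and `new mode 100755`, so the renamed SCAP reference gains the executable bit, which an XML data stream does not need. The diffstat lists a single mode change, so the manual XCCDF file renamed in the same patch appears to stay at 100644, and this one looks unintended. Clearing it keeps shared/references free of executable files that nothing is meant to run: `git update-index --chmod=-x shared/references/disa-stig-rhel7-v3r8-xccdf-scap.xml`.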
@@ -41,11 +41,11 @@
<dc:publisher>DISA</dc:publisher>
<dc:source>STIG.DOD.MIL</dc:source>
</xccdf:reference>
- <xccdf:plain-text id="release-info">Release: 3.7 Benchmark Date: 27 Apr 2022</xccdf:plain-text>
+ <xccdf:plain-text id="release-info">Release: 3.8 Benchmark Date: 27 Jul 2022</xccdf:plain-text>
<xccdf:plain-text id="generator">3.3.0.27375</xccdf:plain-text>
<xccdf:plain-text id="conventionsVersion">1.10.0</xccdf:plain-text>
<xccdf:platform idref="cpe:/o:redhat:enterprise_linux:7" />
- <xccdf:version update="http://iase.disa.mil/stigs">003.007</xccdf:version>
+ <xccdf:version update="http://iase.disa.mil/stigs">003.008</xccdf:version>
<xccdf:metadata>
<dc:creator>DISA</dc:creator>
<dc:publisher>DISA</dc:publisher>
@@ -1559,7 +1559,7 @@
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204422r603261_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204423r603261_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204426r809190_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204429r603261_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204429r833190_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204430r603261_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204431r603261_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204434r603261_rule" selected="false" />
@@ -1599,32 +1599,32 @@
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204521r809772_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204524r809775_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204531r809815_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204536r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204537r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204538r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204539r603261_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204536r833109_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204537r833112_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204538r833115_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204539r833118_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204540r603261_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204541r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204542r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204543r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204544r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204545r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204546r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204547r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204548r603261_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204542r833121_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204543r833124_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204544r833127_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204545r833130_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204546r833133_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204547r833136_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204548r833139_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204549r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204550r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204551r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204552r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204553r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204554r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204555r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204556r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204557r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204558r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204559r603261_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204560r809822_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204562r603261_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204550r833142_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204551r833145_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204552r833148_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204553r833151_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204554r833154_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204555r833157_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204556r833160_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204557r833163_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204558r833166_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204559r833169_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204560r833172_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204562r833175_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204563r603261_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204564r603261_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204565r603261_rule" selected="false" />
@@ -1668,8 +1668,8 @@
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204632r603261_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-204633r603261_rule" selected="false" />
<xccdf:select idref="xccdf_mil.disa.stig_rule_SV-237633r646850_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-237634r809213_rule" selected="false" />
- <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-237635r809215_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-237634r833177_rule" selected="false" />
+ <xccdf:select idref="xccdf_mil.disa.stig_rule_SV-237635r833179_rule" selected="false" />
</xccdf:Profile>
<xccdf:Value id="xccdf_mil.disa.stig_value_var_password_pam_unix_remember" operator="equals" type="number">
<xccdf:title xml:lang="en-US">remember</xccdf:title>
@@ -1948,7 +1948,7 @@ Update the system databases:
Users must log out and back in again before the system-wide settings take effect.</xccdf:fixtext>
<xccdf:fix id="F-4517r88372_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:922" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:922" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -1994,7 +1994,7 @@ Update the system databases:
Users must log out and back in again before the system-wide settings take effect.</xccdf:fixtext>
<xccdf:fix id="F-4520r88381_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:988" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:988" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2038,7 +2038,7 @@ Update the system databases:
# dconf update</xccdf:fixtext>
<xccdf:fix id="F-4521r88384_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:92515" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:92515" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2084,7 +2084,7 @@ Users must log out and back in again before the system-wide settings take effect
<xccdf:fix id="F-4522r88387_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3828" value-id="xccdf_mil.disa.stig_value_inactivity_timeout_value" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:981" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:981" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2121,7 +2121,7 @@ Add the setting to lock the screensaver lock delay:
/org/gnome/desktop/screensaver/lock-delay</xccdf:fixtext>
<xccdf:fix id="F-4523r88390_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:999" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:999" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2164,7 +2164,7 @@ Update the system databases:
Users must log out and back in again before the system-wide settings take effect.</xccdf:fixtext>
<xccdf:fix id="F-4526r88399_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:978" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:978" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2202,7 +2202,7 @@ Add the setting to lock the screensaver idle-activation-enabled setting:
/org/gnome/desktop/screensaver/idle-activation-enabled</xccdf:fixtext>
<xccdf:fix id="F-4527r88402_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:93703" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:93703" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2246,7 +2246,7 @@ Update the system databases:
Users must log out and back in again before the system-wide settings take effect.</xccdf:fixtext>
<xccdf:fix id="F-4528r88405_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:985" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:985" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2274,7 +2274,7 @@ Add the following line to "/etc/pam.d/passwd" (or modify the line to have the re
password substack system-auth</xccdf:fixtext>
<xccdf:fix id="F-4529r88408_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95715" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95715" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2305,7 +2305,7 @@ password required pam_pwquality.so retry=3
Note: The value of "retry" should be between "1" and "3".</xccdf:fixtext>
<xccdf:fix id="F-4530r88411_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:481" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:481" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2337,7 +2337,7 @@ ucredit = -1</xccdf:fixtext>
<xccdf:fix id="F-4531r88414_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3805" value-id="xccdf_mil.disa.stig_value_var_password_pam_ucredit" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:484" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:484" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2370,7 +2370,7 @@ lcredit = -1</xccdf:fixtext>
<xccdf:fix id="F-4532r88417_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3798" value-id="xccdf_mil.disa.stig_value_var_password_pam_lcredit" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:468" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:468" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2402,7 +2402,7 @@ dcredit = -1</xccdf:fixtext>
<xccdf:fix id="F-4533r88420_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3796" value-id="xccdf_mil.disa.stig_value_var_password_pam_dcredit" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:463" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:463" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2434,7 +2434,7 @@ ocredit = -1</xccdf:fixtext>
<xccdf:fix id="F-4534r88423_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3803" value-id="xccdf_mil.disa.stig_value_var_password_pam_ocredit" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:478" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:478" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2466,7 +2466,7 @@ difok = 8</xccdf:fixtext>
<xccdf:fix id="F-4535r88426_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3797" value-id="xccdf_mil.disa.stig_value_var_password_pam_difok" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:466" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:466" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2498,7 +2498,7 @@ minclass = 4</xccdf:fixtext>
<xccdf:fix id="F-4536r88429_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3801" value-id="xccdf_mil.disa.stig_value_var_password_pam_minclass" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:474" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:474" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2530,7 +2530,7 @@ maxrepeat = 3</xccdf:fixtext>
<xccdf:fix id="F-4537r88432_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3800" value-id="xccdf_mil.disa.stig_value_var_password_pam_maxrepeat" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:472" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:472" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2562,7 +2562,7 @@ maxclassrepeat = 4</xccdf:fixtext>
<xccdf:fix id="F-4538r88435_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3799" value-id="xccdf_mil.disa.stig_value_var_password_pam_maxclassrepeat" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:470" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:470" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2595,7 +2595,7 @@ pam_unix.so sha512 shadow try_first_pass use_authtok
Note: Manual changes to the listed files may be overwritten by the "authconfig" program. The "authconfig" program should not be used to update the configurations listed in this requirement.</xccdf:fixtext>
<xccdf:fix id="F-4539r88438_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1367" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1367" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2624,7 +2624,7 @@ Add or update the following line in "/etc/login.defs":
ENCRYPT_METHOD SHA512</xccdf:fixtext>
<xccdf:fix id="F-4540r88441_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1365" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1365" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2653,7 +2653,7 @@ Add or update the following line in "/etc/libuser.conf" in the [defaults] sectio
crypt_style = sha512</xccdf:fixtext>
<xccdf:fix id="F-4541r88444_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1363" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1363" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2683,7 +2683,7 @@ PASS_MIN_DAYS 1</xccdf:fixtext>
<xccdf:fix id="F-4542r88447_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3794" value-id="xccdf_mil.disa.stig_value_var_accounts_minimum_age_login_defs" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:455" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:455" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2709,7 +2709,7 @@ PASS_MIN_DAYS 1</xccdf:fixtext>
# chage -m 1 [user]</xccdf:fixtext>
<xccdf:fix id="F-4543r88450_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86551" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86551" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2739,7 +2739,7 @@ PASS_MAX_DAYS 60</xccdf:fixtext>
<xccdf:fix id="F-4544r88453_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3793" value-id="xccdf_mil.disa.stig_value_var_accounts_maximum_age_login_defs" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:453" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:453" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2765,7 +2765,7 @@ PASS_MAX_DAYS 60</xccdf:fixtext>
# chage -M 60 [user]</xccdf:fixtext>
<xccdf:fix id="F-4545r88456_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86555" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86555" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2797,7 +2797,7 @@ Note: Manual changes to the listed files may be overwritten by the "authconfig"
<xccdf:fix id="F-4546r88459_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3806" value-id="xccdf_mil.disa.stig_value_var_password_pam_unix_remember" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:486" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:486" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2829,7 +2829,7 @@ minlen = 15</xccdf:fixtext>
<xccdf:fix id="F-4547r88462_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3802" value-id="xccdf_mil.disa.stig_value_var_password_pam_minlen" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:476" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:476" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2858,7 +2858,7 @@ Remove any instances of the "nullok" option in "/etc/pam.d/system-auth" and "/et
Note: Manual changes to the listed files may be overwritten by the "authconfig" program. The "authconfig" program should not be used to update the configurations listed in this requirement.</xccdf:fixtext>
<xccdf:fix id="F-4548r88465_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1229" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1229" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2887,7 +2887,7 @@ PermitEmptyPasswords no
The SSH service must be restarted for changes to take effect. Any accounts with empty passwords should be disabled immediately, and PAM configuration should prevent users from being able to assign themselves empty passwords.</xccdf:fixtext>
<xccdf:fix id="F-4549r88468_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1375" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1375" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -2919,14 +2919,14 @@ INACTIVE=35
DoD recommendation is 35 days, but a lower value is acceptable. The value "-1" will disable this feature, and "0" will disable the account immediately after the password expires.</xccdf:fixtext>
<xccdf:fix id="F-4550r809189_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:443" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:443" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204429">
<xccdf:title>SRG-OS-000373-GPOS-00156</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204429r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204429r833190_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-010340</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must be configured so that users must provide a password for privilege escalation.</xccdf:title>
<xccdf:description><VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
@@ -2945,20 +2945,20 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPO
<xccdf:ident system="http://cyber.mil/legacy">V-71947</xccdf:ident>
<xccdf:ident system="http://cyber.mil/legacy">SV-86571</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002038</xccdf:ident>
- <xccdf:fixtext fixref="F-36303r602619_fix">Configure the operating system to require users to supply a password for privilege escalation.
+ <xccdf:fixtext fixref="F-36303r833189_fix">Configure the operating system to require users to supply a password for privilege escalation.
Check the configuration of the "/etc/sudoers" file with the following command:
-# visudo
+$ sudo visudo
-Remove any occurrences of "NOPASSWD" tags in the file.
+Remove any occurrences of "NOPASSWD" tags in the file.
Check the configuration of the /etc/sudoers.d/* files with the following command:
-# grep -i nopasswd /etc/sudoers.d/*
+$ sudo grep -ir nopasswd /etc/sudoers.d
Remove any occurrences of "NOPASSWD" tags in the file.</xccdf:fixtext>
- <xccdf:fix id="F-36303r602619_fix" />
+ <xccdf:fix id="F-36303r833189_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:176" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:176" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
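Review bot: The revised fixtext for RHEL-07-010340 now runs `sudo grep -ir nopasswd /etc/sudoers.d`, but the sentence introducing it still refers to "the /etc/sudoers.d/* files" and the closing instruction still says "in the file", so the prose describes a single-level search while the command recurses. This file is a copy of the DISA benchmark, so the wording should stay as published rather than be corrected here. What is worth confirming is that the automated check it still points to, `oval:mil.disa.stig.rhel7:def:176`, and the project's own rule mapped to this STIG ID, also cover files nested under that directory. Neither the fixtext command nor, presumably, the check covers sudoers files pulled in from other locations by include directives, which matters when reading a pass result. The enclosing Rule element opens in the previous hunk, where its id moves to r833190.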
@@ -2997,7 +2997,7 @@ Check the configuration of the "/etc/sudoers.d/*" files with the following comma
Remove any occurrences of "!authenticate" tags in the file(s).</xccdf:fixtext>
<xccdf:fix id="F-4554r88483_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:173" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:173" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3029,7 +3029,7 @@ FAIL_DELAY 4</xccdf:fixtext>
<xccdf:fix id="F-4555r88486_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3761" value-id="xccdf_mil.disa.stig_value_var_accounts_fail_delay" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:101" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:101" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3061,7 +3061,7 @@ Add or edit the line for the "AutomaticLoginEnable" parameter in the [daemon] se
AutomaticLoginEnable=false</xccdf:fixtext>
<xccdf:fix id="F-4556r88489_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1119" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1119" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3093,7 +3093,7 @@ Add or edit the line for the "TimedLoginEnable" parameter in the [daemon] sectio
TimedLoginEnable=false</xccdf:fixtext>
<xccdf:fix id="F-4557r88492_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1122" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1122" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3124,7 +3124,7 @@ PermitUserEnvironment no
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4558r88495_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1385" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1385" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3155,7 +3155,7 @@ HostbasedAuthentication no
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4559r88498_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1011" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1011" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3183,7 +3183,7 @@ Add or modify the "ExecStart" line in "/usr/lib/systemd/system/rescue.service" t
ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"</xccdf:fixtext>
<xccdf:fix id="F-4561r88504_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:92519" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:92519" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3214,7 +3214,7 @@ Enter password:
Confirm password:</xccdf:fixtext>
<xccdf:fix id="F-4562r744094_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95717" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95717" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3245,7 +3245,7 @@ Enter password:
Confirm password:</xccdf:fixtext>
<xccdf:fix id="F-4564r744097_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95719" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95719" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3278,7 +3278,7 @@ If a privileged user were to log on using this service, the privileged user pass
# yum remove rsh-server</xccdf:fixtext>
<xccdf:fix id="F-4566r88519_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1271" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1271" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3305,7 +3305,7 @@ If a privileged user were to log on using this service, the privileged user pass
# yum remove ypserv</xccdf:fixtext>
<xccdf:fix id="F-4567r88522_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1309" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1309" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3337,7 +3337,7 @@ Detecting such changes and providing an automated response can help avoid uninte
/usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root@sysname.mil</xccdf:fixtext>
<xccdf:fix id="F-36304r602622_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:525" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:525" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3368,7 +3368,7 @@ Verifying the authenticity of the software prior to installation validates the i
gpgcheck=1</xccdf:fixtext>
<xccdf:fix id="F-4571r88534_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1027" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1027" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3399,7 +3399,7 @@ Verifying the authenticity of the software prior to installation validates the i
localpkg_gpgcheck=1</xccdf:fixtext>
<xccdf:fix id="F-4572r88537_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:110" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:110" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3443,7 +3443,7 @@ Add or update the line:
blacklist usb-storage</xccdf:fixtext>
<xccdf:fix id="F-4573r462538_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1141" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1141" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3483,7 +3483,7 @@ Add or update the line:
blacklist dccp</xccdf:fixtext>
<xccdf:fix id="F-4574r88543_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:92517" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:92517" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3519,7 +3519,7 @@ Turn off the automount service with the following commands:
If "autofs" is required for Network File System (NFS), it must be documented with the ISSO.</xccdf:fixtext>
<xccdf:fix id="F-4575r88546_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86609" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86609" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3548,7 +3548,7 @@ Set the "clean_requirements_on_remove" option to "1" in the "/etc/yum.conf" file
clean_requirements_on_remove=1</xccdf:fixtext>
<xccdf:fix id="F-4576r88549_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:108" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:108" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3578,7 +3578,7 @@ UMASK 077</xccdf:fixtext>
<xccdf:fix id="F-4581r88564_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:4211" value-id="xccdf_mil.disa.stig_value_var_accounts_user_umask" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:518" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:518" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3605,7 +3605,7 @@ Red Hat offers the Extended Update Support (EUS) Add-On to a Red Hat Enterprise
<xccdf:fixtext fixref="F-4582r462547_fix">Upgrade to a supported version of the operating system.</xccdf:fixtext>
<xccdf:fix id="F-4582r462547_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:169" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:169" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3630,7 +3630,7 @@ Red Hat offers the Extended Update Support (EUS) Add-On to a Red Hat Enterprise
<xccdf:fixtext fixref="F-4585r88576_fix">Configure the system to define all GIDs found in the "/etc/passwd" file by modifying the "/etc/group" file to add any non-existent group referenced in the "/etc/passwd" file, or change the GIDs referenced in the "/etc/passwd" file to a group that exists in "/etc/group".</xccdf:fixtext>
<xccdf:fix id="F-4585r88576_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1117" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1117" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3657,7 +3657,7 @@ Red Hat offers the Extended Update Support (EUS) Add-On to a Red Hat Enterprise
If the account is associated with system commands or applications, the UID should be changed to one greater than "0" but less than "1000". Otherwise, assign a UID of greater than "1000" that has not already been assigned.</xccdf:fixtext>
<xccdf:fix id="F-4586r88579_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:457" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:457" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3684,7 +3684,7 @@ If the account is associated with system commands or applications, the UID shoul
CREATE_HOME yes</xccdf:fixtext>
<xccdf:fix id="F-4590r88591_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:447" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:447" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3717,7 +3717,7 @@ Note: The example will be for the user smithj, who has a home directory of "/hom
# chmod 0750 /home/smithj</xccdf:fixtext>
<xccdf:fix id="F-4591r462550_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86639" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86639" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3742,7 +3742,7 @@ Note: The example will be for the user smithj, who has a home directory of "/hom
<xccdf:fixtext fixref="F-4606r88639_fix">Configure the "/etc/fstab" to use the "nosuid" option on file systems that are being imported via NFS.</xccdf:fixtext>
<xccdf:fix id="F-4606r88639_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1186" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1186" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3767,7 +3767,7 @@ Note: The example will be for the user smithj, who has a home directory of "/hom
<xccdf:fixtext fixref="F-4607r88642_fix">Configure the "/etc/fstab" to use the "noexec" option on file systems that are being imported via NFS.</xccdf:fixtext>
<xccdf:fix id="F-4607r88642_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1178" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1178" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3794,7 +3794,7 @@ The only authorized public directories are those temporary directories supplied
<xccdf:fixtext fixref="F-36308r602634_fix">All directories in local partitions which are world-writable should be group-owned by root or another system account. If any world-writable directories are not group-owned by a system account, this should be investigated. Following this, the directories should be deleted or assigned to an appropriate group.</xccdf:fixtext>
<xccdf:fix id="F-36308r602634_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1009" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1009" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3821,7 +3821,7 @@ The only authorized public directories are those temporary directories supplied
# chown root /etc/cron.allow</xccdf:fixtext>
<xccdf:fix id="F-4614r88663_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:116" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:116" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3848,7 +3848,7 @@ The only authorized public directories are those temporary directories supplied
# chgrp root /etc/cron.allow</xccdf:fixtext>
<xccdf:fix id="F-4615r88666_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:114" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:114" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3873,7 +3873,7 @@ The only authorized public directories are those temporary directories supplied
<xccdf:fixtext fixref="F-4617r88672_fix">Migrate the "/home" directory onto a separate file system/partition.</xccdf:fixtext>
<xccdf:fix id="F-4617r88672_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1311" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1311" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3898,7 +3898,7 @@ The only authorized public directories are those temporary directories supplied
<xccdf:fixtext fixref="F-4618r88675_fix">Migrate the "/var" path onto a separate file system.</xccdf:fixtext>
<xccdf:fix id="F-4618r88675_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1315" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1315" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3922,7 +3922,7 @@ The only authorized public directories are those temporary directories supplied
<xccdf:fixtext fixref="F-4619r88678_fix">Migrate the system audit data path onto a separate file system.</xccdf:fixtext>
<xccdf:fix id="F-4619r88678_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1319" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1319" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -3953,7 +3953,7 @@ OR
Edit the "/etc/fstab" file and ensure the "/tmp" directory is defined in the fstab with a device and mount point.</xccdf:fixtext>
<xccdf:fix id="F-36309r602637_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86689" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86689" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4034,7 +4034,7 @@ If the file /etc/system-fips does not exists, recreate it:
Reboot the system for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-36310r602640_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:126" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:126" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4065,7 +4065,7 @@ Examples of non-essential capabilities include, but are not limited to, games, s
# yum remove telnet-server</xccdf:fixtext>
<xccdf:fix id="F-4626r88699_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1292" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1292" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4101,7 +4101,7 @@ Enable the auditd service with the following command:
# systemctl start auditd.service</xccdf:fixtext>
<xccdf:fix id="F-36311r602643_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86703" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86703" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4152,7 +4152,7 @@ Kernel log monitoring must also be configured to properly alert designated staff
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4628r462467_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:776" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:776" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4190,7 +4190,7 @@ The audit daemon must be restarted for changes to take effect:
# service auditd restart</xccdf:fixtext>
<xccdf:fix id="F-4630r462470_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95729" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95729" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4226,7 +4226,7 @@ The audit daemon must be restarted for changes to take effect:
# service auditd restart</xccdf:fixtext>
<xccdf:fix id="F-36312r602646_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95731" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95731" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4262,7 +4262,7 @@ The audit daemon must be restarted for changes to take effect:
# service auditd restart</xccdf:fixtext>
<xccdf:fix id="F-36313r602649_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95733" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:95733" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4292,7 +4292,7 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224</VulnDiscussion
Set the remote server option in "/etc/audisp/audisp-remote.conf" with the IP address of the log aggregation server.</xccdf:fixtext>
<xccdf:fix id="F-4633r88720_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86707" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86707" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4324,7 +4324,7 @@ Uncomment the "enable_krb5" option in "/etc/audisp/audisp-remote.conf" and set i
enable_krb5 = yes</xccdf:fixtext>
<xccdf:fix id="F-4634r88723_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86709" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86709" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4353,7 +4353,7 @@ Uncomment or edit the "disk_full_action" option in "/etc/audisp/audisp-remote.co
disk_full_action = single</xccdf:fixtext>
<xccdf:fix id="F-36314r602652_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86711" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86711" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4382,7 +4382,7 @@ Uncomment the "network_failure_action" option in "/etc/audisp/audisp-remote.conf
network_failure_action = syslog</xccdf:fixtext>
<xccdf:fix id="F-36315r602655_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:87815" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:87815" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4410,7 +4410,7 @@ Uncomment or edit the "space_left_action" keyword in "/etc/audit/auditd.conf" an
space_left_action = email</xccdf:fixtext>
<xccdf:fix id="F-4638r88735_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86715" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86715" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4440,7 +4440,7 @@ action_mail_acct = root</xccdf:fixtext>
<xccdf:fix id="F-4639r88738_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3821" value-id="xccdf_mil.disa.stig_value_var_auditd_action_mail_acct" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:885" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:885" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4473,7 +4473,7 @@ Add or update the following rules in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4640r88741_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:710" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:710" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4513,7 +4513,7 @@ Satisfies: SRG-OS-000064-GPOS-00033, SRG-OS-000392-GPOS-00172, SRG-OS-000458-GPO
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4641r809192_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:552" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:552" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4554,7 +4554,7 @@ Add or update the following rules in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4645r809771_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:546" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:546" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4595,7 +4595,7 @@ Add or update the following rules in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4648r809774_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:607" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:607" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4641,14 +4641,14 @@ Add or update the following rules in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4655r809814_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:805" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:805" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204536">
<xccdf:title>SRG-OS-000392-GPOS-00172</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204536r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204536r833109_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030560</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the semanage command.</xccdf:title>
<xccdf:description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -4670,23 +4670,23 @@ Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPO
<xccdf:ident system="http://cyber.mil/legacy">V-72135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4660r462613_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "semanage" command occur.
+ <xccdf:fixtext fixref="F-4660r833108_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "semanage" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/semanage -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4660r462613_fix" />
+ <xccdf:fix id="F-4660r833108_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:618" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:618" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204537">
<xccdf:title>SRG-OS-000392-GPOS-00172</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204537r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204537r833112_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030570</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the setsebool command.</xccdf:title>
<xccdf:description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
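Review bot: The `fixtext` for the semanage rule in this hunk now requires `-F perm=x` in the audit rule, yet the patch's diffstat lists only the two profiles and the two renamed reference files, so nothing visible here brings the project's own audit-rule checks and remediations for this command in line with V3R8. The same fixtext change recurs in the following hunks for setsebool, chcon, setfiles, passwd, unix_chkpwd, gpasswd, chage and userhelper. If the project's rules still generate or accept only the old form, a system remediated by the profile could fail the DISA check even though the profile metadata now says `version: V3R8`; this cannot be confirmed from the patch. I would record the gap in the commit description, e.g. `V3R8 adds -F perm=x to the privileged-command audit rules; project checks and remediations to be verified separately`, or link the follow-up change. The semanage Rule element opens in the preceding hunk and the setsebool Rule continues into the next one.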
@@ -4708,23 +4708,23 @@ Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPO
<xccdf:ident system="http://cyber.mil/legacy">SV-86761</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4661r462616_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "setsebool" command occur.
+ <xccdf:fixtext fixref="F-4661r833111_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "setsebool" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/setsebool -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4661r462616_fix" />
+ <xccdf:fix id="F-4661r833111_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:621" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:621" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204538">
<xccdf:title>SRG-OS-000392-GPOS-00172</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204538r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204538r833115_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030580</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the chcon command.</xccdf:title>
<xccdf:description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -4746,23 +4746,23 @@ Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPO
<xccdf:ident system="http://cyber.mil/legacy">SV-86763</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4662r462619_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chcon" command occur.
+ <xccdf:fixtext fixref="F-4662r833114_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chcon" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/chcon -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4662r462619_fix" />
+ <xccdf:fix id="F-4662r833114_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:612" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:612" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204539">
<xccdf:title>SRG-OS-000392-GPOS-00172</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204539r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204539r833118_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030590</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the setfiles command.</xccdf:title>
<xccdf:description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -4783,16 +4783,16 @@ Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000463-GPOS-00207, SRG-OS-000465-GPO
<xccdf:ident system="http://cyber.mil/legacy">SV-86765</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4663r462622_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "setfiles" command occur.
+ <xccdf:fixtext fixref="F-4663r833117_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "setfiles" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/setfiles -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4663r462622_fix" />
+ <xccdf:fix id="F-4663r833117_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86765" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86765" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4829,7 +4829,7 @@ Add or update the following rule in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4664r88813_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:675" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:675" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -4866,21 +4866,21 @@ Add or update the following rule in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4665r88816_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:676" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:676" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204542">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204542r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204542r833121_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030630</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the passwd command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
At a minimum, the organization must audit the full-text recording of privileged password commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
-When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
+When a user logs on, the auid is set to the uid of the account that is being authenticated. Daemons are not user sessions and have the loginuid set to -1. The auid representation is an unsigned 32-bit integer, which equals 4294967295. The audit system interprets -1, 4294967295, and "unset" in the same way.
Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPOS-00215</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls></xccdf:description>
<xccdf:reference>
@@ -4896,23 +4896,23 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4666r462625_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "passwd" command occur.
+ <xccdf:fixtext fixref="F-4666r833120_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "passwd" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/passwd -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4666r462625_fix" />
+ <xccdf:fix id="F-4666r833120_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:733" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:733" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204543">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204543r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204543r833124_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030640</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the unix_chkpwd command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -4935,23 +4935,23 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4667r462628_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "unix_chkpwd" command occur.
+ <xccdf:fixtext fixref="F-4667r833123_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "unix_chkpwd" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/unix_chkpwd -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4667r462628_fix" />
+ <xccdf:fix id="F-4667r833123_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:760" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:760" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204544">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204544r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204544r833127_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030650</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the gpasswd command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -4974,23 +4974,23 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4668r462631_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "gpasswd" command occur.
+ <xccdf:fixtext fixref="F-4668r833126_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "gpasswd" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/gpasswd -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4668r462631_fix" />
+ <xccdf:fix id="F-4668r833126_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:724" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:724" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204545">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204545r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204545r833130_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030660</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the chage command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5013,23 +5013,23 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4669r462634_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chage" command occur.
+ <xccdf:fixtext fixref="F-4669r833129_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chage" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/chage -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4669r462634_fix" />
+ <xccdf:fix id="F-4669r833129_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:715" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:715" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204546">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204546r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204546r833133_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030670</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the userhelper command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5052,23 +5052,23 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4670r462637_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "userhelper" command occur.
+ <xccdf:fixtext fixref="F-4670r833132_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "userhelper" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/userhelper -F auid>=1000 -F auid!=unset -k privileged-passwd
+-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4670r462637_fix" />
+ <xccdf:fix id="F-4670r833132_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:763" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:763" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204547">
<xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204547r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204547r833136_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030680</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the su command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5092,23 +5092,23 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4671r462640_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "su" command occur.
+ <xccdf:fixtext fixref="F-4671r833135_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "su" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/su -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4671r462640_fix" />
+ <xccdf:fix id="F-4671r833135_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:748" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:748" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204548">
<xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204548r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204548r833139_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030690</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the sudo command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5132,16 +5132,16 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4672r462643_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "sudo" command occur.
+ <xccdf:fixtext fixref="F-4672r833138_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "sudo" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4672r462643_fix" />
+ <xccdf:fix id="F-4672r833138_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:751" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:751" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -5181,14 +5181,14 @@ Add or update the following rule in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4673r88840_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:773" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:773" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204550">
<xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204550r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204550r833142_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030710</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the newgrp command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5212,23 +5212,23 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4674r462646_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "newgrp" command occur.
+ <xccdf:fixtext fixref="F-4674r833141_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "newgrp" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4674r462646_fix" />
+ <xccdf:fix id="F-4674r833141_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:727" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:727" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204551">
<xccdf:title>SRG-OS-000037-GPOS-00015</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204551r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204551r833145_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030720</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the chsh command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5252,23 +5252,23 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4675r462649_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chsh" command occur.
+ <xccdf:fixtext fixref="F-4675r833144_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "chsh" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/chsh -F auid>=1000 -F auid!=unset -k privileged-priv_change
+-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4675r462649_fix" />
+ <xccdf:fix id="F-4675r833144_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:718" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:718" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204552">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204552r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204552r833148_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030740</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the mount command and syscall.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5290,25 +5290,25 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion
<xccdf:ident system="http://cyber.mil/legacy">SV-86795</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4676r462652_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "mount" command and syscall occur.
+ <xccdf:fixtext fixref="F-4676r833147_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "mount" command and syscall occur.
Add or update the following rules in "/etc/audit/rules.d/audit.rules":
-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount
-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount
--a always,exit -F path=/usr/bin/mount -F auid>=1000 -F auid!=unset -k privileged-mount
+-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4676r462652_fix" />
+ <xccdf:fix id="F-4676r833147_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:686" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:686" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204553">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204553r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204553r833151_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030750</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the umount command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5330,23 +5330,23 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion
<xccdf:ident system="http://cyber.mil/legacy">SV-86797</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4677r462655_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "umount" command occur.
+ <xccdf:fixtext fixref="F-4677r833150_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "umount" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/umount -F auid>=1000 -F auid!=unset -k privileged-mount
+-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4677r462655_fix" />
+ <xccdf:fix id="F-4677r833150_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:757" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:757" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204554">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204554r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204554r833154_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030760</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the postdrop command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5368,23 +5368,23 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion
<xccdf:ident system="http://cyber.mil/legacy">SV-86799</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4678r462658_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "postdrop" command occur.
+ <xccdf:fixtext fixref="F-4678r833153_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "postdrop" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/postdrop -F auid>=1000 -F auid!=unset -k privileged-postfix
+-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-postfix
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4678r462658_fix" />
+ <xccdf:fix id="F-4678r833153_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:736" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:736" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204555">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204555r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204555r833157_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030770</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the postqueue command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5406,23 +5406,23 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172</VulnDiscussion
<xccdf:ident system="http://cyber.mil/legacy">V-72177</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4679r462661_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "postqueue" command occur.
+ <xccdf:fixtext fixref="F-4679r833156_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "postqueue" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/postqueue -F auid>=1000 -F auid!=unset -k privileged-postfix
+-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-postfix
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4679r462661_fix" />
+ <xccdf:fix id="F-4679r833156_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:739" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:739" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204556">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204556r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204556r833160_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030780</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the ssh-keysign command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5445,23 +5445,23 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4680r462664_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "ssh-keysign" command occur.
+ <xccdf:fixtext fixref="F-4680r833159_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "ssh-keysign" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid>=1000 -F auid!=unset -k privileged-ssh
+-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4680r462664_fix" />
+ <xccdf:fix id="F-4680r833159_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:745" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:745" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204557">
<xccdf:title>SRG-OS-000042-GPOS-00020</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204557r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204557r833163_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030800</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the crontab command.</xccdf:title>
<xccdf:description><VulnDiscussion>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
@@ -5484,23 +5484,23 @@ Satisfies: SRG-OS-000042-GPOS-00020, SRG-OS-000392-GPOS-00172, SRG-OS-000471-GPO
<xccdf:ident system="http://cyber.mil/cci">CCI-000135</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-002884</xccdf:ident>
- <xccdf:fixtext fixref="F-4681r462667_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "crontab" command occur.
+ <xccdf:fixtext fixref="F-4681r833162_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "crontab" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/bin/crontab -F auid>=1000 -F auid!=unset -k privileged-cron
+-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-cron
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4681r462667_fix" />
+ <xccdf:fix id="F-4681r833162_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:721" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:721" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204558">
<xccdf:title>SRG-OS-000471-GPOS-00215</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204558r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204558r833166_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030810</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the pam_timestamp_check command.</xccdf:title>
<xccdf:description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -5517,23 +5517,23 @@ When a user logs on, the auid is set to the uid of the account that is being aut
<xccdf:ident system="http://cyber.mil/legacy">V-72185</xccdf:ident>
<xccdf:ident system="http://cyber.mil/legacy">SV-86809</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
- <xccdf:fixtext fixref="F-4682r462670_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "pam_timestamp_check" command occur.
+ <xccdf:fixtext fixref="F-4682r833165_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "pam_timestamp_check" command occur.
Add or update the following rule in "/etc/audit/rules.d/audit.rules":
--a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid>=1000 -F auid!=unset -k privileged-pam
+-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4682r462670_fix" />
+ <xccdf:fix id="F-4682r833165_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:730" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:730" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204559">
<xccdf:title>SRG-OS-000471-GPOS-00216</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204559r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204559r833169_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030819</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the create_module syscall.</xccdf:title>
<xccdf:description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -5551,25 +5551,25 @@ Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222</VulnDiscussion
<xccdf:ident system="http://cyber.mil/legacy">V-78999</xccdf:ident>
<xccdf:ident system="http://cyber.mil/legacy">SV-93705</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
- <xccdf:fixtext fixref="F-4683r88870_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "create_module" syscall occur.
+ <xccdf:fixtext fixref="F-4683r833168_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "create_module" syscall occur.
Add or update the following rules in "/etc/audit/rules.d/audit.rules":
--a always,exit -F arch=b32 -S create_module -k module-change
+-a always,exit -F arch=b32 -S create_module -F auid>=1000 -F auid!=unset -k module-change
--a always,exit -F arch=b64 -S create_module -k module-change
+-a always,exit -F arch=b64 -S create_module -F auid>=1000 -F auid!=unset -k module-change
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4683r88870_fix" />
+ <xccdf:fix id="F-4683r833168_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:93705" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:93705" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204560">
<xccdf:title>SRG-OS-000471-GPOS-00216</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204560r809822_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204560r833172_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030820</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the init_module and finit_module syscalls.</xccdf:title>
<xccdf:description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
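Review bot: The `-F auid>=1000 -F auid!=unset` filter added to both `create_module` rules means they no longer match calls from processes whose login UID is unset or below 1000 (services started at boot, a direct root login), while the Rule title still reads "must audit all uses of the create_module syscall". The same filter is added to the `init_module,finit_module` rules in the next hunk and to the `delete_module` rules in the hunk after that. This file looks like a reference copy of the DISA benchmark, so the text itself probably has to stay verbatim. Where these records are used to detect module activity from system context, consider keeping an unfiltered companion rule such as `-a always,exit -F arch=b64 -S create_module -k module-change` next to the STIG line, and documenting the narrowed coverage wherever the project implements this rule. The enclosing Rule element opens before this hunk.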
@@ -5590,25 +5590,25 @@ Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222</VulnDiscussion
<xccdf:ident system="http://cyber.mil/legacy">V-72187</xccdf:ident>
<xccdf:ident system="http://cyber.mil/legacy">SV-86811</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
- <xccdf:fixtext fixref="F-4684r809821_fix">Configure the operating system to generate audit records upon successful/unsuccessful attempts to use the "init_module" and "finit_module" syscalls.
+ <xccdf:fixtext fixref="F-4684r833171_fix">Configure the operating system to generate audit records upon successful/unsuccessful attempts to use the "init_module" and "finit_module" syscalls.
Add or update the following rules in "/etc/audit/rules.d/audit.rules":
--a always,exit -F arch=b32 -S init_module,finit_module -k modulechange
+-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k modulechange
--a always,exit -F arch=b64 -S init_module,finit_module -k modulechange
+-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k modulechange
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4684r809821_fix" />
+ <xccdf:fix id="F-4684r833171_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:657" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:657" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-204562">
<xccdf:title>SRG-OS-000471-GPOS-00216</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204562r603261_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-204562r833175_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-030830</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must audit all uses of the delete_module syscall.</xccdf:title>
<xccdf:description><VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
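Review bot: The two `init_module,finit_module` rules are keyed `modulechange`, while the `create_module` and `delete_module` rules in the neighbouring hunks are keyed `module-change`, so a search such as `ausearch -k module-change` will not return module-load records. The mismatch is already present on the old side, so this commit carries it forward rather than introducing it. If the project's own audit rules or documentation are derived from this text, either settle on one key, e.g. `-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module-change`, or note that both keys must be queried; this assumes the compliance check does not require the key string to match exactly, which is not visible here. The Rule element for this fixtext opens in the previous hunk.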
@@ -5627,18 +5627,18 @@ Satisfies: SRG-OS-000471-GPOS-00216, SRG-OS-000477-GPOS-00222</VulnDiscussion
<xccdf:ident system="http://cyber.mil/legacy">V-72189</xccdf:ident>
<xccdf:ident system="http://cyber.mil/legacy">SV-86813</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000172</xccdf:ident>
- <xccdf:fixtext fixref="F-4686r88879_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "delete_module" syscall occur.
+ <xccdf:fixtext fixref="F-4686r833174_fix">Configure the operating system to generate audit records when successful/unsuccessful attempts to use the "delete_module" syscall occur.
Add or update the following rules in "/etc/audit/rules.d/audit.rules":
--a always,exit -F arch=b32 -S delete_module -k module-change
+-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module-change
--a always,exit -F arch=b64 -S delete_module -k module-change
+-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module-change
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
- <xccdf:fix id="F-4686r88879_fix" />
+ <xccdf:fix id="F-4686r833174_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:658" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:658" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
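Review bot: The added `-F auid>=1000 -F auid!=unset` filters on both `delete_module` rules narrow what gets audited: calls from processes with no login UID (for example services started at boot) or from accounts with an auid below 1000, including a direct root login, no longer produce a record, although the rule title still says "audit all uses". This file appears to be a reference copy of DISA's benchmark, so the text should stay as published. Deployments that need full coverage of module unloading can keep an unfiltered rule such as `-a always,exit -F arch=b64 -S delete_module -k module-change` (and its b32 counterpart) alongside it, provided OVAL definition 658 tolerates extra rules, which is not visible here. The same filters are added to the `init_module`/`finit_module` rules in the preceding hunk, which uses the key `modulechange` rather than `module-change`, so searches by audit key need both spellings.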
@@ -5674,7 +5674,7 @@ Add or update the following rule in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4687r462673_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86815" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86815" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -5712,7 +5712,7 @@ Add or update the following rule "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4688r88885_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:875" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:875" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -5748,7 +5748,7 @@ Add or update the following rule in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4689r88888_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:866" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:866" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -5784,7 +5784,7 @@ Add or update the following rule in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4690r88891_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:869" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:869" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -5820,7 +5820,7 @@ Add or update the following file system rule in "/etc/audit/rules.d/audit.rules"
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4691r88894_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:878" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:878" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -5857,7 +5857,7 @@ The audit daemon must be restarted for the changes to take effect:
# systemctl restart auditd</xccdf:fixtext>
<xccdf:fix id="F-4692r744114_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:872" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:872" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -5897,7 +5897,7 @@ Add the following rules in "/etc/audit/rules.d/audit.rules":
The audit daemon must be restarted for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4696r809824_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:626" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:626" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -5929,7 +5929,7 @@ Add the following line to the top of the /etc/security/limits.conf or in a ".con
<xccdf:fix id="F-4700r88921_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3792" value-id="xccdf_mil.disa.stig_value_var_accounts_max_concurrent_login_sessions" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:449" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:449" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -5970,7 +5970,7 @@ Ciphers aes256-ctr,aes192-ctr,aes128-ctr
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4702r622306_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1399" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1399" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6005,7 +6005,7 @@ Create a script to enforce the inactivity timeout (for example /etc/profile.d/tm
declare -xr TMOUT=900</xccdf:fixtext>
<xccdf:fix id="F-4703r646843_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:510" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:510" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6037,7 +6037,7 @@ Issue the following command to make the changes take effect:
# sysctl --system</xccdf:fixtext>
<xccdf:fix id="F-4708r88945_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:92521" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:92521" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6073,7 +6073,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPO
# yum install openssh-server.x86_64</xccdf:fixtext>
<xccdf:fix id="F-4709r88948_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:4248" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:4248" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6110,7 +6110,7 @@ The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4711r88954_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3866" value-id="xccdf_mil.disa.stig_value_sshd_idle_timeout_value" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1391" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1391" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6141,7 +6141,7 @@ RhostsRSAAuthentication no
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4712r88957_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1379" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1379" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6177,7 +6177,7 @@ ClientAliveCountMax 0
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4713r88960_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1393" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1393" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6206,7 +6206,7 @@ Add the following line in "/etc/ssh/sshd_config", or uncomment the line and set
IgnoreRhosts yes</xccdf:fixtext>
<xccdf:fix id="F-4714r88963_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1377" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1377" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6237,7 +6237,7 @@ PrintLastLog yes
The SSH service must be restarted for changes to "sshd_config" to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4715r88966_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:166" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:166" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6268,7 +6268,7 @@ PermitRootLogin no
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4716r88969_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1381" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1381" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6299,7 +6299,7 @@ IgnoreUserKnownHosts yes
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4717r88972_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1383" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1383" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6331,7 +6331,7 @@ Protocol 2
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4718r88975_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1373" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1373" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6362,7 +6362,7 @@ MACs hmac-sha2-512,hmac-sha2-256
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4719r622309_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:168" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:168" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6391,7 +6391,7 @@ Change the mode of public host key files under "/etc/ssh" to "0644" with the fol
# chmod 0644 /etc/ssh/*.key.pub</xccdf:fixtext>
<xccdf:fix id="F-4720r88981_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:120" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:120" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6418,7 +6418,7 @@ Change the mode of public host key files under "/etc/ssh" to "0644" with the fol
# chmod 0600 /path/to/file/ssh_host*key</xccdf:fixtext>
<xccdf:fix id="F-4721r792833_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:118" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:118" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6452,7 +6452,7 @@ The SSH service must be restarted for changes to take effect.
If GSSAPI authentication is required, it must be documented, to include the location of the configuration file, with the ISSO.</xccdf:fixtext>
<xccdf:fix id="F-4722r88987_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:160" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:160" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6487,7 +6487,7 @@ The SSH service must be restarted for changes to take effect.
If Kerberos authentication is required, it must be documented, to include the location of the configuration file, with the ISSO.</xccdf:fixtext>
<xccdf:fix id="F-4723r88990_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:162" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:162" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6516,7 +6516,7 @@ StrictModes yes
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4724r88993_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:164" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:164" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6545,7 +6545,7 @@ UsePrivilegeSeparation sandbox
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4725r88996_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:171" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:171" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6573,7 +6573,7 @@ Compression no
The SSH service must be restarted for changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-4726r88999_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:158" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:158" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6601,7 +6601,7 @@ Add the following line to the top of "/etc/pam.d/postlogin":
session required pam_lastlog.so showfailed</xccdf:fixtext>
<xccdf:fix id="F-4729r89008_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1020" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1020" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6627,7 +6627,7 @@ session required pam_lastlog.so showfailed</xccdf:fixtext>
# rm /[path]/[to]/[file]/.shosts</xccdf:fixtext>
<xccdf:fix id="F-4730r89011_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86901" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86901" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6653,7 +6653,7 @@ session required pam_lastlog.so showfailed</xccdf:fixtext>
# rm /[path]/[to]/[file]/shosts.equiv</xccdf:fixtext>
<xccdf:fix id="F-4731r89014_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86903" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:86903" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6685,7 +6685,7 @@ Issue the following command to make the changes take effect:
<xccdf:fix id="F-4733r89020_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3771" value-id="xccdf_mil.disa.stig_value_sysctl_net_ipv4_conf_all_accept_source_route_value" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:251" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:251" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6717,7 +6717,7 @@ Issue the following command to make the changes take effect:
<xccdf:fix id="F-4736r89029_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3776" value-id="xccdf_mil.disa.stig_value_sysctl_net_ipv4_conf_default_accept_source_route_value" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:269" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:269" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6749,7 +6749,7 @@ Issue the following command to make the changes take effect:
<xccdf:fix id="F-4737r89032_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3780" value-id="xccdf_mil.disa.stig_value_sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:284" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:284" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6781,7 +6781,7 @@ Issue the following command to make the changes take effect:
<xccdf:fix id="F-4738r89035_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3775" value-id="xccdf_mil.disa.stig_value_sysctl_net_ipv4_conf_default_accept_redirects_value" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:266" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:266" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6813,7 +6813,7 @@ Issue the following command to make the changes take effect:
<xccdf:fix id="F-4739r89038_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3770" value-id="xccdf_mil.disa.stig_value_sysctl_net_ipv4_conf_all_accept_redirects_value" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:248" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:248" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6846,7 +6846,7 @@ Issue the following command to make the changes take effect:
# sysctl --system</xccdf:fixtext>
<xccdf:fix id="F-4740r89041_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:281" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:281" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6879,7 +6879,7 @@ Issue the following command to make the changes take effect:
# sysctl --system</xccdf:fixtext>
<xccdf:fix id="F-4741r89044_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:263" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:263" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6905,7 +6905,7 @@ Issue the following command to make the changes take effect:
# yum remove vsftpd</xccdf:fixtext>
<xccdf:fix id="F-4744r89053_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1301" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1301" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6936,7 +6936,7 @@ Issue the following command to make the changes take effect:
# yum remove tftp-server</xccdf:fixtext>
<xccdf:fix id="F-4745r89056_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1296" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1296" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -6969,7 +6969,7 @@ The SSH service must be restarted for changes to take effect:
# systemctl restart sshd</xccdf:fixtext>
<xccdf:fix id="F-4746r622312_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1389" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1389" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -7002,7 +7002,7 @@ $ sudo yum remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-ut
A reboot is required for the changes to take effect.</xccdf:fixtext>
<xccdf:fix id="F-36316r646846_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1305" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1305" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -7033,7 +7033,7 @@ Issue the following command to make the changes take effect:
# sysctl --system</xccdf:fixtext>
<xccdf:fix id="F-4749r89068_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:290" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:290" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -7058,7 +7058,7 @@ Issue the following command to make the changes take effect:
<xccdf:fixtext fixref="F-4751r89074_fix">If the "/etc/snmp/snmpd.conf" file exists, modify any lines that contain a community string value of "public" or "private" to another string value.</xccdf:fixtext>
<xccdf:fix id="F-4751r89074_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1369" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1369" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -7090,7 +7090,7 @@ Issue the following command to make the changes take effect:
<xccdf:fix id="F-4754r89083_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<xccdf:check-export export-name="oval:mil.disa.stig.rhel7:var:3785" value-id="xccdf_mil.disa.stig_value_sysctl_net_ipv6_conf_all_accept_source_route_value" />
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:303" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:303" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -7130,7 +7130,7 @@ Install the pam_pkcs11 package with the following command:
# yum install pam_pkcs11</xccdf:fixtext>
<xccdf:fix id="F-4755r462473_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:87041" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:87041" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -7169,7 +7169,7 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000375-GPOS-00161, SRG-OS-000375-GPO
Modify all of the services lines in "/etc/sssd/sssd.conf" or in configuration files found under "/etc/sssd/conf.d" to include pam.</xccdf:fixtext>
<xccdf:fix id="F-4756r89089_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1405" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1405" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -7207,7 +7207,7 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000375-GPOS-00161, SRG-OS-000375-GPO
Modify all of the "cert_policy" lines in "/etc/pam_pkcs11/pam_pkcs11.conf" to include "ocsp_on".</xccdf:fixtext>
<xccdf:fix id="F-4757r89092_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:87057" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:87057" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -7244,7 +7244,7 @@ Alternatively, the package can be reinstalled from trusted media using the comma
# sudo rpm -Uvh <packagename></xccdf:fixtext>
<xccdf:fix id="F-15997r192363_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1340" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:1340" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
@@ -7268,14 +7268,14 @@ ALL ALL=(ALL) ALL
ALL ALL=(ALL:ALL) ALL</xccdf:fixtext>
<xccdf:fix id="F-40815r646849_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:177" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:177" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-237634">
<xccdf:title>SRG-OS-000480-GPOS-00227</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-237634r809213_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-237634r833177_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-010342</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must use the invoking user's password for privilege escalation when using "sudo".</xccdf:title>
<xccdf:description><VulnDiscussion>The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validates the invoking user's credentials. If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password.
@@ -7294,14 +7294,14 @@ Defaults !rootpw
Defaults !runaspw</xccdf:fixtext>
<xccdf:fix id="F-40816r646852_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:178" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:178" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
<xccdf:Group id="xccdf_mil.disa.stig_group_V-237635">
<xccdf:title>SRG-OS-000373-GPOS-00156</xccdf:title>
<xccdf:description><GroupDescription></GroupDescription></xccdf:description>
- <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-237635r809215_rule" weight="10.0" severity="medium">
+ <xccdf:Rule id="xccdf_mil.disa.stig_rule_SV-237635r833179_rule" weight="10.0" severity="medium">
<xccdf:version update="http://iase.disa.mil/stigs">RHEL-07-010343</xccdf:version>
<xccdf:title>The Red Hat Enterprise Linux operating system must require re-authentication when using the "sudo" command.</xccdf:title>
<xccdf:description><VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
@@ -7326,18 +7326,18 @@ Defaults timestamp_timeout=[value]
Note: The "[value]" must be a number that is greater than or equal to "0".</xccdf:fixtext>
<xccdf:fix id="F-40817r646855_fix" />
<xccdf:check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:179" href="U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" />
+ <xccdf:check-content-ref name="oval:mil.disa.stig.rhel7:def:179" href="U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" />
</xccdf:check>
</xccdf:Rule>
</xccdf:Group>
</xccdf:Benchmark>
</component>
- <component id="scap_mil.disa.stig_comp_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-oval.xml" timestamp="2022-03-28T12:32:37">
+ <component id="scap_mil.disa.stig_comp_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-oval.xml" timestamp="2022-06-28T15:26:15">
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">
<generator>
<oval:product_name>repotool</oval:product_name>
<oval:schema_version>5.10</oval:schema_version>
- <oval:timestamp>2022-03-28T12:32:37</oval:timestamp>
+ <oval:timestamp>2022-06-28T15:26:15</oval:timestamp>
</generator>
<definitions>
<definition class="inventory" id="oval:mil.disa.stig.rhel7:def:1" version="2">
@@ -7711,7 +7711,7 @@ By specifying a hash algorithm list with the order of hashes being in a "stronge
<criterion comment="ALL is not configured in /etc/sudoers.d" test_ref="oval:mil.disa.stig.rhel7:tst:17701" />
</criteria>
</definition>
- <definition class="compliance" id="oval:mil.disa.stig.rhel7:def:178" version="2">
+ <definition class="compliance" id="oval:mil.disa.stig.rhel7:def:178" version="3">
<metadata>
<title>RHEL-07-010342 - The Red Hat Enterprise Linux operating system must use the invoking user's password for privilege escalation when using "sudo".</title>
<affected family="unix">
@@ -7721,21 +7721,21 @@ By specifying a hash algorithm list with the order of hashes being in a "stronge
For more information on each of the listed configurations, reference the sudoers(5) manual page.</description>
</metadata>
<criteria operator="AND">
- <criteria operator="ONE">
+ <criteria operator="OR">
<criterion comment="Defaults !targetpw is configured in /etc/sudoers" test_ref="oval:mil.disa.stig.rhel7:tst:17800" />
<criterion comment="Defaults !targetpw is configured in /etc/sudoers.d" test_ref="oval:mil.disa.stig.rhel7:tst:17801" />
</criteria>
- <criteria operator="ONE">
+ <criteria operator="OR">
<criterion comment="Defaults !rootpw is configured in /etc/sudoers" test_ref="oval:mil.disa.stig.rhel7:tst:17802" />
<criterion comment="Defaults !rootpw is configured in /etc/sudoers.d" test_ref="oval:mil.disa.stig.rhel7:tst:17803" />
</criteria>
- <criteria operator="ONE">
+ <criteria operator="OR">
<criterion comment="Defaults !runaspw is configured in /etc/sudoers" test_ref="oval:mil.disa.stig.rhel7:tst:17804" />
<criterion comment="Defaults !runaspw is configured in /etc/sudoers.d" test_ref="oval:mil.disa.stig.rhel7:tst:17805" />
</criteria>
</criteria>
</definition>
- <definition class="compliance" id="oval:mil.disa.stig.rhel7:def:179" version="2">
+ <definition class="compliance" id="oval:mil.disa.stig.rhel7:def:179" version="3">
<metadata>
<title>RHEL-07-010343 - The Red Hat Enterprise Linux operating system must require re-authentication when using the "sudo" command.</title>
<affected family="unix">
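Review bot: def:178 still passes on presence alone: each `OR` group is satisfied by a single line matching `Defaults !targetpw` (or `!rootpw`, `!runaspw`), and no criterion checks that the un-negated flag is absent. As far as I know sudo applies `Defaults` entries in parse order, so a later `Defaults targetpw` in `/etc/sudoers` or a drop-in would presumably win while tst:17800–17805 (the @@ -12114 hunk, now `at_least_one_exists`) still report compliant. I would add, per flag, a `check_existence="none_exist"` test over both locations, with a pattern along the lines of `^\s*Defaults\b.*[\s,]targetpw\b`, and AND it into these criteria. The file looks like a verbatim copy of the DISA benchmark, so the change probably belongs upstream; until then a pass here should not be read as proof of the effective setting.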
@@ -7747,9 +7747,8 @@ When operating systems provide the capability to escalate a functional capabilit
If the value is set to an integer less than 0, the user's time stamp will not expire and the user will not have to re-authenticate for privileged actions until the user's session is terminated.</description>
</metadata>
- <criteria operator="ONE">
- <criterion comment="Defaults timestamp_timeout is configured in /etc/sudoers" test_ref="oval:mil.disa.stig.rhel7:tst:17900" />
- <criterion comment="Defaults timestamp_timeout is configured in /etc/sudoers.d" test_ref="oval:mil.disa.stig.rhel7:tst:17901" />
+ <criteria>
+ <criterion comment="Defaults timestamp_timeout is configured in /etc/sudoers or /etc/sudoers.d/" test_ref="oval:mil.disa.stig.rhel7:tst:17900" />
</criteria>
</definition>
<definition class="compliance" id="oval:mil.disa.stig.rhel7:def:248" version="4">
@@ -12114,30 +12113,26 @@ The ability to enable/disable a session lock is given to the user by default. Di
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="none_exist" comment="ALL does not exist in /etc/sudoers.d" id="oval:mil.disa.stig.rhel7:tst:17701" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:17701" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="only_one_exists" comment="Defaults !targetpw is configured in /etc/sudoers" id="oval:mil.disa.stig.rhel7:tst:17800" version="2">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="at_least_one_exists" comment="Defaults !targetpw is configured in /etc/sudoers" id="oval:mil.disa.stig.rhel7:tst:17800" version="3">
<object object_ref="oval:mil.disa.stig.rhel7:obj:17800" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="only_one_exists" comment="Defaults !targetpw is configured in /etc/sudoers.d" id="oval:mil.disa.stig.rhel7:tst:17801" version="2">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="at_least_one_exists" comment="Defaults !targetpw is configured in /etc/sudoers.d" id="oval:mil.disa.stig.rhel7:tst:17801" version="3">
<object object_ref="oval:mil.disa.stig.rhel7:obj:17801" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="only_one_exists" comment="Defaults !rootpw is configured in /etc/sudoers" id="oval:mil.disa.stig.rhel7:tst:17802" version="2">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="at_least_one_exists" comment="Defaults !rootpw is configured in /etc/sudoers" id="oval:mil.disa.stig.rhel7:tst:17802" version="3">
<object object_ref="oval:mil.disa.stig.rhel7:obj:17802" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="only_one_exists" comment="Defaults !rootpw is configured in /etc/sudoers.d" id="oval:mil.disa.stig.rhel7:tst:17803" version="2">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="at_least_one_exists" comment="Defaults !rootpw is configured in /etc/sudoers.d" id="oval:mil.disa.stig.rhel7:tst:17803" version="3">
<object object_ref="oval:mil.disa.stig.rhel7:obj:17803" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="only_one_exists" comment="Defaults !runaspw is configured in /etc/sudoers" id="oval:mil.disa.stig.rhel7:tst:17804" version="2">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="at_least_one_exists" comment="Defaults !runaspw is configured in /etc/sudoers" id="oval:mil.disa.stig.rhel7:tst:17804" version="3">
<object object_ref="oval:mil.disa.stig.rhel7:obj:17804" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="only_one_exists" comment="Defaults !runaspw is configured in /etc/sudoers.d" id="oval:mil.disa.stig.rhel7:tst:17805" version="2">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="at_least_one_exists" comment="Defaults !runaspw is configured in /etc/sudoers.d" id="oval:mil.disa.stig.rhel7:tst:17805" version="3">
<object object_ref="oval:mil.disa.stig.rhel7:obj:17805" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="only_one_exists" comment="Defaults timestamp_timeout is configured in /etc/sudoers" id="oval:mil.disa.stig.rhel7:tst:17900" version="3">
- <object object_ref="oval:mil.disa.stig.rhel7:obj:17900" />
- <state state_ref="oval:mil.disa.stig.rhel7:ste:17900" />
- </textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="only_one_exists" comment="Defaults timestamp_timeout is configured in /etc/sudoers.d" id="oval:mil.disa.stig.rhel7:tst:17901" version="3">
- <object object_ref="oval:mil.disa.stig.rhel7:obj:17901" />
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" comment="Defaults timestamp_timeout is configured in /etc/sudoers or /etc/sudoers.d/" id="oval:mil.disa.stig.rhel7:tst:17900" version="4">
+ <object object_ref="oval:mil.disa.stig.rhel7:obj:17902" />
<state state_ref="oval:mil.disa.stig.rhel7:ste:17900" />
</textfilecontent54_test>
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="Test if remember attribute of pam_unix.so is set correctly in /etc/pam.d/password-auth" id="oval:mil.disa.stig.rhel7:tst:48700" version="1">
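Review bot: tst:17900 now compares ste:17900 against the union obj:17902, but both member objects (obj:17900 and obj:17901, in the @@ -14361 hunk) keep `<instance datatype="int">1</instance>`, so only the first `timestamp_timeout` line of each file is collected. A second line further down the same file is never compared with the state, although sudo presumably honours the last value it parses. Collecting every occurrence with `<instance datatype="int" operation="greater than or equal">1</instance>` would let `check="all"` cover them. With `check_existence` dropped from the test it falls back to the OVAL default, which I believe is `at_least_one_exists`; writing the attribute out would make that intent explicit.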
@@ -14366,50 +14361,58 @@ The ability to enable/disable a session lock is given to the user by default. Di
<pattern operation="pattern match">^\s*ALL\s+ALL\=\(ALL(?:|\:ALL)\)\s+ALL\s*$</pattern>
<instance datatype="int">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17800" version="2">
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17800" version="3">
<filepath>/etc/sudoers</filepath>
- <pattern operation="pattern match">^\s*Defaults\s+\!targetpw\s*$</pattern>
+ <pattern operation="pattern match">^\s*(?i)Defaults\s+\!targetpw\s*$</pattern>
<instance datatype="int">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17801" version="2">
- <path>/etc/sudoers.d</path>
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17801" version="4">
+ <path operation="pattern match">^/etc/sudoers\.d.*</path>
<filename operation="pattern match">^.*$</filename>
- <pattern operation="pattern match">^\s*Defaults\s+\!targetpw\s*$</pattern>
+ <pattern operation="pattern match">^\s*(?i)Defaults\s+\!targetpw\s*$</pattern>
<instance datatype="int">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17802" version="2">
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17802" version="3">
<filepath>/etc/sudoers</filepath>
- <pattern operation="pattern match">^\s*Defaults\s+\!rootpw\s*$</pattern>
+ <pattern operation="pattern match">^\s*(?i)Defaults\s+\!rootpw\s*$</pattern>
<instance datatype="int">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17803" version="2">
- <path>/etc/sudoers.d</path>
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17803" version="4">
+ <path operation="pattern match">^/etc/sudoers\.d.*</path>
<filename operation="pattern match">^.*$</filename>
- <pattern operation="pattern match">^\s*Defaults\s+\!rootpw\s*$</pattern>
+ <pattern operation="pattern match">^\s*(?i)Defaults\s+\!rootpw\s*$</pattern>
<instance datatype="int">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17804" version="2">
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17804" version="3">
<filepath>/etc/sudoers</filepath>
- <pattern operation="pattern match">^\s*Defaults\s+\!runaspw\s*$</pattern>
+ <pattern operation="pattern match">^\s*(?i)Defaults\s+\!runaspw\s*$</pattern>
<instance datatype="int">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17805" version="2">
- <path>/etc/sudoers.d</path>
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17805" version="4">
+ <path operation="pattern match">^/etc/sudoers\.d.*</path>
<filename operation="pattern match">^.*$</filename>
- <pattern operation="pattern match">^\s*Defaults\s+\!runaspw\s*$</pattern>
+ <pattern operation="pattern match">^\s*(?i)Defaults\s+\!runaspw\s*$</pattern>
<instance datatype="int">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17900" version="2">
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17900" version="5">
+ <behaviors ignore_case="true" />
<filepath>/etc/sudoers</filepath>
- <pattern operation="pattern match">^\s*Defaults\s+timestamp_timeout\s*=\s*(\d+)\s*$</pattern>
+ <pattern operation="pattern match">^\s*Defaults\s+timestamp_timeout\s*=\s*([-\d]+)\s*$</pattern>
<instance datatype="int">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17901" version="2">
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:17901" version="7">
+ <behaviors ignore_case="true" max_depth="-1" recurse_direction="down" />
<path>/etc/sudoers.d</path>
<filename operation="pattern match">^.*$</filename>
- <pattern operation="pattern match">^\s*Defaults\s+timestamp_timeout\s*=\s*(\d+)\s*$</pattern>
+ <pattern operation="pattern match">^\s*Defaults\s+timestamp_timeout\s*=\s*([-\d]+)\s*$</pattern>
<instance datatype="int">1</instance>
</textfilecontent54_object>
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/etc/sudoer and all of /etc/sudoers.d/" id="oval:mil.disa.stig.rhel7:obj:17902" version="2">
+ <set xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" set_operator="UNION">
+ <object_reference>oval:mil.disa.stig.rhel7:obj:17900</object_reference>
+ <object_reference>oval:mil.disa.stig.rhel7:obj:17901</object_reference>
+ </set>
+ </textfilecontent54_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:68600" version="5" comment="augenrules audit /bin/mount commands">
<path operation="equals">/etc/audit/rules.d</path>
<filename operation="pattern match">.*\.rules$</filename>
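Review bot: The new `<path operation="pattern match">^/etc/sudoers\.d.*</path>` in obj:17801, obj:17803 and obj:17805 is not anchored at the end, so it also matches sibling directories such as a constructed `/etc/sudoers.d.bak`, which sudo does not read unless it is included explicitly; a negated `Defaults` line there would satisfy the check. `^/etc/sudoers\.d(/.*)?$` keeps the recursion and drops the siblings. obj:17901 reaches the same subtree a different way (literal path plus `max_depth="-1" recurse_direction="down"`), and one approach for all four objects would be easier to audit. Separately, `([-\d]+)` also accepts strings like `1-2` that are not integers; `(-?\d+)` still captures the negative values that the description in the @@ -7747 hunk calls out. The `comment` on obj:17902 reads `/etc/sudoer`, missing the final `s`.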
@@ -15430,12 +15433,12 @@ The ability to enable/disable a session lock is given to the user by default. Di
</variables>
</oval_definitions>
</component>
- <component id="scap_mil.disa.stig_comp_U_RHEL_7_V3R7_STIG_SCAP_1-2_Benchmark-cpe-oval.xml" timestamp="2022-03-28T12:32:37">
+ <component id="scap_mil.disa.stig_comp_U_RHEL_7_V3R8_STIG_SCAP_1-2_Benchmark-cpe-oval.xml" timestamp="2022-06-28T15:26:15">
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">
<generator>
<oval:product_name>repotool</oval:product_name>
<oval:schema_version>5.10</oval:schema_version>
- <oval:timestamp>2022-03-28T12:32:37</oval:timestamp>
+ <oval:timestamp>2022-06-28T15:26:15</oval:timestamp>
</generator>
<definitions>
<definition class="inventory" id="oval:mil.disa.stig.rhel7:def:1" version="2">
--
2.37.2