From 8ccc32a21cf0fff0b1b0e44b1bf20ca9ac4deae7 Mon Sep 17 00:00:00 2001
From: svet-se <svetlin.boychev@suse.com>
Date: Tue, 5 Nov 2024 16:08:10 +0200
Subject: [PATCH 1/6] Update SLE12 STIG to V3R1

---
 products/sle12/profiles/stig.profile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/products/sle12/profiles/stig.profile b/products/sle12/profiles/stig.profile
index 2471dcbb6c8..56ea042d6fb 100644
--- a/products/sle12/profiles/stig.profile
+++ b/products/sle12/profiles/stig.profile
@@ -1,7 +1,7 @@
 documentation_complete: true
 
 metadata:
-    version: V2R13
+    version: V3R1
     SMEs:
         - abergmann
 
@@ -11,7 +11,7 @@ title: 'DISA STIG for SUSE Linux Enterprise 12'
 
 description: |-
     This profile contains configuration checks that align to the
-    DISA STIG for SUSE Linux Enterprise 12 V2R13.
+    DISA STIG for SUSE Linux Enterprise 12 V3R1.
 
 selections:
     - sshd_approved_macs=stig

From a18573b76be1fa9a318585a9d0f426c9ebfcc08e Mon Sep 17 00:00:00 2001
From: svet-se <svetlin.boychev@suse.com>
Date: Tue, 5 Nov 2024 16:09:55 +0200
Subject: [PATCH 2/6] Update SLE12 DISA STIG manual to V3R1

---
 ... => disa-stig-sle12-v3r1-xccdf-manual.xml} | 588 +++++++++---------
 1 file changed, 278 insertions(+), 310 deletions(-)
 rename shared/references/{disa-stig-sle12-v2r13-xccdf-manual.xml => disa-stig-sle12-v3r1-xccdf-manual.xml} (82%)

diff --git a/shared/references/disa-stig-sle12-v2r13-xccdf-manual.xml b/shared/references/disa-stig-sle12-v3r1-xccdf-manual.xml
similarity index 82%
rename from shared/references/disa-stig-sle12-v2r13-xccdf-manual.xml
rename to shared/references/disa-stig-sle12-v3r1-xccdf-manual.xml
index 3985b3361bd..2af7feb6982 100644
--- a/shared/references/disa-stig-sle12-v2r13-xccdf-manual.xml
+++ b/shared/references/disa-stig-sle12-v3r1-xccdf-manual.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type='text/xsl' href='STIG_unclass.xsl'?><Benchmark xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd" id="SLES_12_STIG" xml:lang="en" xmlns="http://checklists.nist.gov/xccdf/1.1"><status date="2023-12-01">accepted</status><title>SLES 12 Security Technical Implementation Guide</title><description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</description><notice id="terms-of-use" xml:lang="en"></notice><front-matter xml:lang="en"></front-matter><rear-matter xml:lang="en"></rear-matter><reference href="https://cyber.mil"><dc:publisher>DISA</dc:publisher><dc:source>STIG.DOD.MIL</dc:source></reference><plain-text id="release-info">Release: 13 Benchmark Date: 24 Jan 2024</plain-text><plain-text id="generator">3.4.1.22916</plain-text><plain-text id="conventionsVersion">1.10.0</plain-text><version>2</version><Profile id="MAC-1_Classified"><title>I - Mission Critical Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217132" selected="true" /><select idref="V-217133" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222385" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-1_Public"><title>I - Mission Critical Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217132" selected="true" /><select idref="V-217133" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222385" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-1_Sensitive"><title>I - Mission Critical Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217132" selected="true" /><select idref="V-217133" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222385" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-2_Classified"><title>II - Mission Support Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217132" selected="true" /><select idref="V-217133" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222385" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-2_Public"><title>II - Mission Support Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217132" selected="true" /><select idref="V-217133" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222385" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-2_Sensitive"><title>II - Mission Support Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217132" selected="true" /><select idref="V-217133" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222385" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-3_Classified"><title>III - Administrative Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217132" selected="true" /><select idref="V-217133" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222385" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-3_Public"><title>III - Administrative Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217132" selected="true" /><select idref="V-217133" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222385" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-3_Sensitive"><title>III - Administrative Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217132" selected="true" /><select idref="V-217133" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222385" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Group id="V-217101"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217101r603262_rule" weight="10.0" severity="high"><version>SLES-12-010000</version><title>The SUSE operating system must be a vendor-supported release.</title><description>&lt;VulnDiscussion&gt;A SUSE operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77045</ident><ident system="http://cyber.mil/legacy">SV-91741</ident><ident system="http://cyber.mil/cci">CCI-001230</ident><fixtext fixref="F-18327r369460_fix">Upgrade the SUSE operating system to a version supported by the vendor. If the system is not registered with the SUSE Customer Center, register the system against the correct subscription.
+<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type='text/xsl' href='STIG_unclass.xsl'?><Benchmark xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd" id="SLES_12_STIG" xml:lang="en" xmlns="http://checklists.nist.gov/xccdf/1.1"><status date="2024-08-22">accepted</status><title>SLES 12 Security Technical Implementation Guide</title><description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</description><notice id="terms-of-use" xml:lang="en"></notice><front-matter xml:lang="en"></front-matter><rear-matter xml:lang="en"></rear-matter><reference href="https://cyber.mil"><dc:publisher>DISA</dc:publisher><dc:source>STIG.DOD.MIL</dc:source></reference><plain-text id="release-info">Release: 1 Benchmark Date: 24 Oct 2024</plain-text><plain-text id="generator">3.5</plain-text><plain-text id="conventionsVersion">1.10.0</plain-text><version>3</version><Profile id="MAC-1_Classified"><title>I - Mission Critical Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-1_Public"><title>I - Mission Critical Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-1_Sensitive"><title>I - Mission Critical Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-2_Classified"><title>II - Mission Support Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-2_Public"><title>II - Mission Support Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-2_Sensitive"><title>II - Mission Support Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-3_Classified"><title>III - Administrative Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-3_Public"><title>III - Administrative Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Profile id="MAC-3_Sensitive"><title>III - Administrative Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-217101" selected="true" /><select idref="V-217102" selected="true" /><select idref="V-217103" selected="true" /><select idref="V-217104" selected="true" /><select idref="V-217105" selected="true" /><select idref="V-217106" selected="true" /><select idref="V-217107" selected="true" /><select idref="V-217108" selected="true" /><select idref="V-217109" selected="true" /><select idref="V-217110" selected="true" /><select idref="V-217111" selected="true" /><select idref="V-217112" selected="true" /><select idref="V-217113" selected="true" /><select idref="V-217114" selected="true" /><select idref="V-217116" selected="true" /><select idref="V-217117" selected="true" /><select idref="V-217118" selected="true" /><select idref="V-217119" selected="true" /><select idref="V-217120" selected="true" /><select idref="V-217121" selected="true" /><select idref="V-217122" selected="true" /><select idref="V-217123" selected="true" /><select idref="V-217124" selected="true" /><select idref="V-217125" selected="true" /><select idref="V-217126" selected="true" /><select idref="V-217127" selected="true" /><select idref="V-217128" selected="true" /><select idref="V-217129" selected="true" /><select idref="V-217130" selected="true" /><select idref="V-217131" selected="true" /><select idref="V-217134" selected="true" /><select idref="V-217135" selected="true" /><select idref="V-217136" selected="true" /><select idref="V-217138" selected="true" /><select idref="V-217139" selected="true" /><select idref="V-217140" selected="true" /><select idref="V-217141" selected="true" /><select idref="V-217142" selected="true" /><select idref="V-217143" selected="true" /><select idref="V-217144" selected="true" /><select idref="V-217145" selected="true" /><select idref="V-217146" selected="true" /><select idref="V-217147" selected="true" /><select idref="V-217148" selected="true" /><select idref="V-217149" selected="true" /><select idref="V-217150" selected="true" /><select idref="V-217151" selected="true" /><select idref="V-217152" selected="true" /><select idref="V-217153" selected="true" /><select idref="V-217154" selected="true" /><select idref="V-217155" selected="true" /><select idref="V-217156" selected="true" /><select idref="V-217158" selected="true" /><select idref="V-217159" selected="true" /><select idref="V-217160" selected="true" /><select idref="V-217161" selected="true" /><select idref="V-217162" selected="true" /><select idref="V-217163" selected="true" /><select idref="V-217164" selected="true" /><select idref="V-217166" selected="true" /><select idref="V-217167" selected="true" /><select idref="V-217168" selected="true" /><select idref="V-217169" selected="true" /><select idref="V-217170" selected="true" /><select idref="V-217171" selected="true" /><select idref="V-217172" selected="true" /><select idref="V-217173" selected="true" /><select idref="V-217174" selected="true" /><select idref="V-217175" selected="true" /><select idref="V-217176" selected="true" /><select idref="V-217177" selected="true" /><select idref="V-217178" selected="true" /><select idref="V-217179" selected="true" /><select idref="V-217180" selected="true" /><select idref="V-217181" selected="true" /><select idref="V-217182" selected="true" /><select idref="V-217183" selected="true" /><select idref="V-217184" selected="true" /><select idref="V-217185" selected="true" /><select idref="V-217186" selected="true" /><select idref="V-217188" selected="true" /><select idref="V-217189" selected="true" /><select idref="V-217190" selected="true" /><select idref="V-217191" selected="true" /><select idref="V-217192" selected="true" /><select idref="V-217193" selected="true" /><select idref="V-217194" selected="true" /><select idref="V-217195" selected="true" /><select idref="V-217196" selected="true" /><select idref="V-217197" selected="true" /><select idref="V-217198" selected="true" /><select idref="V-217199" selected="true" /><select idref="V-217200" selected="true" /><select idref="V-217201" selected="true" /><select idref="V-217202" selected="true" /><select idref="V-217203" selected="true" /><select idref="V-217204" selected="true" /><select idref="V-217205" selected="true" /><select idref="V-217206" selected="true" /><select idref="V-217207" selected="true" /><select idref="V-217208" selected="true" /><select idref="V-217209" selected="true" /><select idref="V-217210" selected="true" /><select idref="V-217211" selected="true" /><select idref="V-217212" selected="true" /><select idref="V-217213" selected="true" /><select idref="V-217214" selected="true" /><select idref="V-217215" selected="true" /><select idref="V-217216" selected="true" /><select idref="V-217217" selected="true" /><select idref="V-217218" selected="true" /><select idref="V-217223" selected="true" /><select idref="V-217227" selected="true" /><select idref="V-217230" selected="true" /><select idref="V-217236" selected="true" /><select idref="V-217237" selected="true" /><select idref="V-217238" selected="true" /><select idref="V-217239" selected="true" /><select idref="V-217240" selected="true" /><select idref="V-217241" selected="true" /><select idref="V-217242" selected="true" /><select idref="V-217243" selected="true" /><select idref="V-217244" selected="true" /><select idref="V-217245" selected="true" /><select idref="V-217246" selected="true" /><select idref="V-217247" selected="true" /><select idref="V-217248" selected="true" /><select idref="V-217249" selected="true" /><select idref="V-217250" selected="true" /><select idref="V-217251" selected="true" /><select idref="V-217252" selected="true" /><select idref="V-217253" selected="true" /><select idref="V-217254" selected="true" /><select idref="V-217255" selected="true" /><select idref="V-217257" selected="true" /><select idref="V-217258" selected="true" /><select idref="V-217260" selected="true" /><select idref="V-217261" selected="true" /><select idref="V-217262" selected="true" /><select idref="V-217263" selected="true" /><select idref="V-217264" selected="true" /><select idref="V-217265" selected="true" /><select idref="V-217266" selected="true" /><select idref="V-217267" selected="true" /><select idref="V-217268" selected="true" /><select idref="V-217269" selected="true" /><select idref="V-217270" selected="true" /><select idref="V-217271" selected="true" /><select idref="V-217272" selected="true" /><select idref="V-217273" selected="true" /><select idref="V-217274" selected="true" /><select idref="V-217275" selected="true" /><select idref="V-217276" selected="true" /><select idref="V-217277" selected="true" /><select idref="V-217278" selected="true" /><select idref="V-217279" selected="true" /><select idref="V-217280" selected="true" /><select idref="V-217281" selected="true" /><select idref="V-217282" selected="true" /><select idref="V-217283" selected="true" /><select idref="V-217284" selected="true" /><select idref="V-217285" selected="true" /><select idref="V-217286" selected="true" /><select idref="V-217287" selected="true" /><select idref="V-217288" selected="true" /><select idref="V-217289" selected="true" /><select idref="V-217290" selected="true" /><select idref="V-217291" selected="true" /><select idref="V-217292" selected="true" /><select idref="V-217293" selected="true" /><select idref="V-217294" selected="true" /><select idref="V-217295" selected="true" /><select idref="V-217296" selected="true" /><select idref="V-217297" selected="true" /><select idref="V-217298" selected="true" /><select idref="V-217299" selected="true" /><select idref="V-217300" selected="true" /><select idref="V-217301" selected="true" /><select idref="V-217302" selected="true" /><select idref="V-222386" selected="true" /><select idref="V-233308" selected="true" /><select idref="V-237603" selected="true" /><select idref="V-237604" selected="true" /><select idref="V-237605" selected="true" /><select idref="V-237606" selected="true" /><select idref="V-237607" selected="true" /><select idref="V-237608" selected="true" /><select idref="V-237609" selected="true" /><select idref="V-237610" selected="true" /><select idref="V-237611" selected="true" /><select idref="V-237612" selected="true" /><select idref="V-237613" selected="true" /><select idref="V-237614" selected="true" /><select idref="V-237615" selected="true" /><select idref="V-237616" selected="true" /><select idref="V-237617" selected="true" /><select idref="V-237618" selected="true" /><select idref="V-237619" selected="true" /><select idref="V-237620" selected="true" /><select idref="V-237621" selected="true" /><select idref="V-237622" selected="true" /><select idref="V-237623" selected="true" /><select idref="V-251719" selected="true" /><select idref="V-251720" selected="true" /><select idref="V-251721" selected="true" /><select idref="V-251722" selected="true" /><select idref="V-255914" selected="true" /><select idref="V-255915" selected="true" /><select idref="V-255916" selected="true" /><select idref="V-256980" selected="true" /><select idref="V-256981" selected="true" /></Profile><Group id="V-217101"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217101r991589_rule" weight="10.0" severity="high"><version>SLES-12-010000</version><title>The SUSE operating system must be a vendor-supported release.</title><description>&lt;VulnDiscussion&gt;A SUSE operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77045</ident><ident system="http://cyber.mil/legacy">SV-91741</ident><ident system="http://cyber.mil/cci">CCI-001230</ident><fixtext fixref="F-18327r369460_fix">Upgrade the SUSE operating system to a version supported by the vendor. If the system is not registered with the SUSE Customer Center, register the system against the correct subscription.
 
 If the system requires Long-Term Service Pack Support (LTSS), obtain the correct LTSS subscription for the system.</fixtext><fix id="F-18327r369460_fix" /><check system="C-18329r369459_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system is a vendor-supported release.
 
@@ -13,7 +13,7 @@ VERSION="12"
 Current End of Life for SLES 12 General Support is 31 Oct 2024 and Long-term Support is until 31 Oct 2027.
 
 If the release is not supported by the vendor, this is a finding.
-</check-content></check></Rule></Group><Group id="V-217102"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217102r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010010</version><title>Vendor-packaged SUSE operating system security patches and updates must be installed and up to date.</title><description>&lt;VulnDiscussion&gt;Timely patching is critical for maintaining the operational availability, confidentiality, and integrity of information technology (IT) systems. However, failure to keep SUSE operating system and application software patched is a common mistake made by IT professionals. New patches are released frequently, and it is often difficult for even experienced System Administrators (SAs) to keep abreast of all the new patches. When new weaknesses in a SUSE operating system exist, patches are usually made available by the vendor to resolve the problems. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77047</ident><ident system="http://cyber.mil/legacy">SV-91743</ident><ident system="http://cyber.mil/cci">CCI-001227</ident><fixtext fixref="F-18328r369463_fix">Install the applicable SUSE operating system patches available from SUSE by running the following command:
+</check-content></check></Rule></Group><Group id="V-217102"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217102r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010010</version><title>Vendor-packaged SUSE operating system security patches and updates must be installed and up to date.</title><description>&lt;VulnDiscussion&gt;Timely patching is critical for maintaining the operational availability, confidentiality, and integrity of information technology (IT) systems. However, failure to keep SUSE operating system and application software patched is a common mistake made by IT professionals. New patches are released frequently, and it is often difficult for even experienced System Administrators (SAs) to keep abreast of all the new patches. When new weaknesses in a SUSE operating system exist, patches are usually made available by the vendor to resolve the problems. If the most recent security patches and updates are not installed, unauthorized users may take advantage of weaknesses in the unpatched software. The lack of prompt attention to patching could result in a system compromise.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77047</ident><ident system="http://cyber.mil/legacy">SV-91743</ident><ident system="http://cyber.mil/cci">CCI-001227</ident><fixtext fixref="F-18328r369463_fix">Install the applicable SUSE operating system patches available from SUSE by running the following command:
 
 # sudo zypper patch</fixtext><fix id="F-18328r369463_fix" /><check system="C-18330r369462_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system security patches and updates are installed and up to date.
 
@@ -33,7 +33,7 @@ If the patch repository data is corrupt check that the available package securit
 2016-12-14 11:59:36 | install | pam_apparmor | 2.8.0-2.4.1
 2016-12-14 11:59:36 | install | pam_apparmor-32bit | 2.8.0-2.4.1
 
-If the SUSE operating system has not been patched within the site or PMO frequency, this is a finding.</check-content></check></Rule></Group><Group id="V-217103"><title>SRG-OS-000023-GPOS-00006</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217103r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010020</version><title>The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
+If the SUSE operating system has not been patched within the site or PMO frequency, this is a finding.</check-content></check></Rule></Group><Group id="V-217103"><title>SRG-OS-000023-GPOS-00006</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217103r958390_rule" weight="10.0" severity="medium"><version>SLES-12-010020</version><title>The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
 
 The banner must be acknowledged by the user prior to allowing the user access to the SUSE operating system. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the user, DoD will not be in compliance with system use notifications required by law.
 
@@ -87,7 +87,7 @@ sleep 1;
 exit 1;
 fi
 
-If the beginning of the file does not contain the above text immediately after the line (#!/bin/sh), this is a finding.</check-content></check></Rule></Group><Group id="V-217104"><title>SRG-OS-000023-GPOS-00006</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217104r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010030</version><title>The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via local console.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
+If the beginning of the file does not contain the above text immediately after the line (#!/bin/sh), this is a finding.</check-content></check></Rule></Group><Group id="V-217104"><title>SRG-OS-000023-GPOS-00006</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217104r958390_rule" weight="10.0" severity="medium"><version>SLES-12-010030</version><title>The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via local console.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
 
 The banner must be acknowledged by the user prior to allowing the user access to the SUSE operating system. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the user, DoD will not be in compliance with system use notifications required by law.
 
@@ -145,7 +145,7 @@ By using this IS (which includes any device attached to this IS), you consent to
 
 -Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
 
-If the output does not display the correct banner text, this is a finding.</check-content></check></Rule></Group><Group id="V-217105"><title>SRG-OS-000228-GPOS-00088</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217105r646678_rule" weight="10.0" severity="medium"><version>SLES-12-010040</version><title>The SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
+If the output does not display the correct banner text, this is a finding.</check-content></check></Rule></Group><Group id="V-217105"><title>SRG-OS-000228-GPOS-00088</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217105r958586_rule" weight="10.0" severity="medium"><version>SLES-12-010040</version><title>The SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
 
 The banner must be acknowledged by the user prior to allowing the user access to the SUSE operating system. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the user, DoD will not be in compliance with system use notifications required by law.
 
@@ -196,7 +196,7 @@ user-db:user
 system-db:gdm
 file-db:/usr/share/gdm/greeter-dconf-defaults
 
-If "banner-message-enable" is set to "false" or is missing completely, this is a finding.</check-content></check></Rule></Group><Group id="V-217106"><title>SRG-OS-000228-GPOS-00088</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217106r646681_rule" weight="10.0" severity="medium"><version>SLES-12-010050</version><title>The SUSE operating system must display the approved Standard Mandatory DoD Notice before granting local or remote access to the system via a graphical user logon.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
+If "banner-message-enable" is set to "false" or is missing completely, this is a finding.</check-content></check></Rule></Group><Group id="V-217106"><title>SRG-OS-000228-GPOS-00088</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217106r958586_rule" weight="10.0" severity="medium"><version>SLES-12-010050</version><title>The SUSE operating system must display the approved Standard Mandatory DoD Notice before granting local or remote access to the system via a graphical user logon.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
 
 The banner must be acknowledged by the user prior to allowing the user access to the SUSE operating system. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the user, DoD will not be in compliance with system use notifications required by law.
 
@@ -244,13 +244,13 @@ banner-message-text=
 
 Note: The "\n" characters are for formatting only. They will not be displayed on the graphical user interface.
 
-If the banner text does not exactly match the approved Standard Mandatory DoD Notice and Consent Banner, this is a finding.</check-content></check></Rule></Group><Group id="V-217107"><title>SRG-OS-000028-GPOS-00009</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217107r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010060</version><title>The SUSE operating system must be able to lock the graphical user interface (GUI).</title><description>&lt;VulnDiscussion&gt;A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
+If the banner text does not exactly match the approved Standard Mandatory DoD Notice and Consent Banner, this is a finding.</check-content></check></Rule></Group><Group id="V-217107"><title>SRG-OS-000028-GPOS-00009</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217107r1015203_rule" weight="10.0" severity="medium"><version>SLES-12-010060</version><title>The SUSE operating system must be able to lock the graphical user interface (GUI).</title><description>&lt;VulnDiscussion&gt;A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
 
 The session lock is implemented at the point where session activity can be determined.
 
 Regardless of where the session lock is determined and implemented, once invoked, the session lock must remain in place until the user reauthenticates. No other activity aside from reauthentication must unlock the system.
 
-Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91753</ident><ident system="http://cyber.mil/legacy">V-77057</ident><ident system="http://cyber.mil/cci">CCI-000056</ident><ident system="http://cyber.mil/cci">CCI-000058</ident><ident system="http://cyber.mil/cci">CCI-000060</ident><fixtext fixref="F-18333r369478_fix">This command must be run from an X11 session; otherwise, the command will not work correctly.
+Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91753</ident><ident system="http://cyber.mil/legacy">V-77057</ident><ident system="http://cyber.mil/cci">CCI-000056</ident><ident system="http://cyber.mil/cci">CCI-000058</ident><ident system="http://cyber.mil/cci">CCI-000057</ident><ident system="http://cyber.mil/cci">CCI-000060</ident><fixtext fixref="F-18333r369478_fix">This command must be run from an X11 session; otherwise, the command will not work correctly.
 
 Configure the SUSE operating system to allow the user to lock the graphical user interface.
 
@@ -264,19 +264,19 @@ Run the following command:
 
 # gsettings get org.gnome.desktop.lockdown disable-lock-screen
 
-If the result is "true", this is a finding.</check-content></check></Rule></Group><Group id="V-217108"><title>SRG-OS-000028-GPOS-00009</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217108r603262_rule" weight="10.0" severity="low"><version>SLES-12-010070</version><title>The SUSE operating system must utilize vlock to allow for session locking.</title><description>&lt;VulnDiscussion&gt;A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
+If the result is "true", this is a finding.</check-content></check></Rule></Group><Group id="V-217108"><title>SRG-OS-000028-GPOS-00009</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217108r1015204_rule" weight="10.0" severity="low"><version>SLES-12-010070</version><title>The SUSE operating system must utilize vlock to allow for session locking.</title><description>&lt;VulnDiscussion&gt;A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
 
 The session lock is implemented at the point where session activity can be determined.
 
 Regardless of where the session lock is determined and implemented, once invoked, the session lock must remain in place until the user reauthenticates. No other activity aside from reauthentication must unlock the system.
 
-Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011, SRG-OS-000031-GPOS-00012&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77059</ident><ident system="http://cyber.mil/legacy">SV-91755</ident><ident system="http://cyber.mil/cci">CCI-000060</ident><ident system="http://cyber.mil/cci">CCI-000056</ident><ident system="http://cyber.mil/cci">CCI-000058</ident><fixtext fixref="F-36320r602673_fix">Allow users to lock the console by installing the "kbd" package using zypper:
+Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011, SRG-OS-000031-GPOS-00012&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77059</ident><ident system="http://cyber.mil/legacy">SV-91755</ident><ident system="http://cyber.mil/cci">CCI-000060</ident><ident system="http://cyber.mil/cci">CCI-000056</ident><ident system="http://cyber.mil/cci">CCI-000058</ident><ident system="http://cyber.mil/cci">CCI-000057</ident><fixtext fixref="F-36320r602673_fix">Allow users to lock the console by installing the "kbd" package using zypper:
 
 # sudo zypper install kbd</fixtext><fix id="F-36320r602673_fix" /><check system="C-36357r602672_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Check that the SUSE operating system has the "vlock" package installed by running the following command: 
 
 # zypper se -i --provides vlock 
 
-If the command outputs "no matching items found", this is a finding.</check-content></check></Rule></Group><Group id="V-217109"><title>SRG-OS-000029-GPOS-00010</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217109r646684_rule" weight="10.0" severity="medium"><version>SLES-12-010080</version><title>The SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface.</title><description>&lt;VulnDiscussion&gt;A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence. 
+If the command outputs "no matching items found", this is a finding.</check-content></check></Rule></Group><Group id="V-217109"><title>SRG-OS-000029-GPOS-00010</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217109r958402_rule" weight="10.0" severity="medium"><version>SLES-12-010080</version><title>The SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface.</title><description>&lt;VulnDiscussion&gt;A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence. 
 
 Rather than relying on the users to manually lock their SUSE operating system session prior to vacating the vicinity, the SUSE operating system needs to be able to identify when a user's session has idled and take action to initiate the session lock.
 
@@ -292,41 +292,41 @@ Note: If the system does not have a graphical user interface installed, this req
 
 uint32 900
 
-If the command does not return a value less than or equal to "900", this is a finding.</check-content></check></Rule></Group><Group id="V-217110"><title>SRG-OS-000029-GPOS-00010</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217110r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010090</version><title>The SUSE operating system must initiate a session lock after a 15-minute period of inactivity.</title><description>&lt;VulnDiscussion&gt;A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence. 
+If the command does not return a value less than or equal to "900", this is a finding.</check-content></check></Rule></Group><Group id="V-217110"><title>SRG-OS-000029-GPOS-00010</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217110r1015002_rule" weight="10.0" severity="medium"><version>SLES-12-010090</version><title>The SUSE operating system must initiate a session lock after a 10-minute period of inactivity.</title><description>&lt;VulnDiscussion&gt;A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence. 
 
 Rather than relying on the users to manually lock their SUSE operating system session prior to vacating the vicinity, the SUSE operating system needs to be able to identify when a user's session has idled and take action to initiate the session lock.
 
-The session lock is implemented at the point where session activity can be determined and/or controlled.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77063</ident><ident system="http://cyber.mil/legacy">SV-91759</ident><ident system="http://cyber.mil/cci">CCI-000057</ident><fixtext fixref="F-18336r369487_fix">Configure the SUSE operating system to initiate a session lock after a 15-minute period of inactivity by modifying or creating (if it does not already exist) the "/etc/profile.d/autologout.sh" file and add the following lines to it:
+The session lock is implemented at the point where session activity can be determined and/or controlled.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77063</ident><ident system="http://cyber.mil/legacy">SV-91759</ident><ident system="http://cyber.mil/cci">CCI-000057</ident><fixtext fixref="F-18336r1015001_fix">Configure the SUSE operating system to initiate a session lock after a 10-minute period of inactivity by modifying or creating (if it does not already exist) the "/etc/profile.d/autologout.sh" file and add the following lines to it:
 
-TMOUT=900
+TMOUT=600
 readonly TMOUT
 export TMOUT
 
 Set the proper permissions for the "/etc/profile.d/autologout.sh" file with the following command:
 
-# sudo chmod +x /etc/profile.d/autologout.sh</fixtext><fix id="F-18336r369487_fix" /><check system="C-18338r369486_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system must initiate a session logout after a 15-minute period of inactivity for all connection types. 
+# sudo chmod +x /etc/profile.d/autologout.sh</fixtext><fix id="F-18336r1015001_fix" /><check system="C-18338r1015000_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system must initiate a session logout after a 10-minute period of inactivity for all connection types. 
 
-Check the proper script exists to kill an idle session after a 15-minute period of inactivity with the following command:
+Check the proper script exists to kill an idle session after a 10-minute period of inactivity with the following command:
 
 # cat /etc/profile.d/autologout.sh
-TMOUT=900
+TMOUT=600
 readonly TMOUT
 export TMOUT
 
-If the file "/etc/profile.d/autologout.sh" does not exist or the output from the function call is not the same, this is a finding.</check-content></check></Rule></Group><Group id="V-217111"><title>SRG-OS-000031-GPOS-00012</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217111r918489_rule" weight="10.0" severity="low"><version>SLES-12-010100</version><title>The SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface.</title><description>&lt;VulnDiscussion&gt;A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence.
+If the file "/etc/profile.d/autologout.sh" does not exist or the output from the function call is not the same, this is a finding.</check-content></check></Rule></Group><Group id="V-217111"><title>SRG-OS-000031-GPOS-00012</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217111r958404_rule" weight="10.0" severity="low"><version>SLES-12-010100</version><title>The SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface.</title><description>&lt;VulnDiscussion&gt;A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence.
 
 The session lock is implemented at the point where session activity can be determined. The SUSE operating system session lock event must include an obfuscation of the display screen to prevent other users from reading what was previously displayed.
 
-Publicly viewable images can include static or dynamic images, such as patterns used with screen savers, photographic images, solid colors, a clock, a battery life indicator, or a blank screen, with the additional caveat that none of the images conveys sensitive information.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91761</ident><ident system="http://cyber.mil/legacy">V-77065</ident><ident system="http://cyber.mil/cci">CCI-000060</ident><fixtext fixref="F-18337r918489_fix">Note: If the system does not have X Windows installed, this requirement is Not Applicable.
-
-Configure the SUSE operating system to use a publicly viewable image by finding the Settings menu and then navigate to the Background selection section: 
-
-- Click "Applications" on the bottom left.
-- Hover over "System Tools" with the mouse.
-- Click the "Settings" icon under System Tools.
-- Click "Background" and then "Lock Screen".
-- Set the Lock Screen image to the user's choice.
-- Click "Select".
+Publicly viewable images can include static or dynamic images, such as patterns used with screen savers, photographic images, solid colors, a clock, a battery life indicator, or a blank screen, with the additional caveat that none of the images conveys sensitive information.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91761</ident><ident system="http://cyber.mil/legacy">V-77065</ident><ident system="http://cyber.mil/cci">CCI-000060</ident><fixtext fixref="F-18337r918489_fix">Note: If the system does not have X Windows installed, this requirement is Not Applicable.
+
+Configure the SUSE operating system to use a publicly viewable image by finding the Settings menu and then navigate to the Background selection section: 
+
+- Click "Applications" on the bottom left.
+- Hover over "System Tools" with the mouse.
+- Click the "Settings" icon under System Tools.
+- Click "Background" and then "Lock Screen".
+- Set the Lock Screen image to the user's choice.
+- Click "Select".
 - Exit Settings Dialog.</fixtext><fix id="F-18337r918489_fix" /><check system="C-18339r369489_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system conceals via the session lock information previously visible on the display with a publicly viewable image in the graphical user interface.
 
 Note: If the system does not have a graphical user interface installed, this requirement is Not Applicable.
@@ -336,17 +336,17 @@ Check that the lock screen is set to a publicly viewable image by running the fo
 # gsettings get org.gnome.desktop.screensaver picture-uri 
 'file:///usr/share/wallpapers/SLE-default-static.xml'
 
-If nothing is returned or "org.gnome.desktop.screensaver" is not set, this is a finding.</check-content></check></Rule></Group><Group id="V-217112"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217112r854084_rule" weight="10.0" severity="high"><version>SLES-12-010110</version><title>The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges.</title><description>&lt;VulnDiscussion&gt;Without reauthentication, users may access resources or perform tasks for which they do not have authorization. 
+If nothing is returned or "org.gnome.desktop.screensaver" is not set, this is a finding.</check-content></check></Rule></Group><Group id="V-217112"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217112r1015205_rule" weight="10.0" severity="high"><version>SLES-12-010110</version><title>The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges.</title><description>&lt;VulnDiscussion&gt;Without reauthentication, users may access resources or perform tasks for which they do not have authorization. 
 
 When SUSE operating system provide the capability to change user authenticators, change security roles, or escalate a functional capability, it is critical the user reauthenticate.
 
-Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91763</ident><ident system="http://cyber.mil/legacy">V-77067</ident><ident system="http://cyber.mil/cci">CCI-002038</ident><fixtext fixref="F-18338r369493_fix">Configure the SUSE operating system to remove any occurrence of "NOPASSWD" or "!authenticate" found in the "/etc/sudoers" file. If the system does not use passwords for authentication, the "NOPASSWD" tag may exist in the file.</fixtext><fix id="F-18338r369493_fix" /><check system="C-18340r646685_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that the SUSE operating system requires reauthentication when changing authenticators, roles, or escalating privileges.
+Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91763</ident><ident system="http://cyber.mil/legacy">V-77067</ident><ident system="http://cyber.mil/cci">CCI-002038</ident><ident system="http://cyber.mil/cci">CCI-004895</ident><fixtext fixref="F-18338r369493_fix">Configure the SUSE operating system to remove any occurrence of "NOPASSWD" or "!authenticate" found in the "/etc/sudoers" file. If the system does not use passwords for authentication, the "NOPASSWD" tag may exist in the file.</fixtext><fix id="F-18338r369493_fix" /><check system="C-18340r646685_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that the SUSE operating system requires reauthentication when changing authenticators, roles, or escalating privileges.
 
 Check that "/etc/sudoers" has no occurrences of "NOPASSWD" or "!authenticate" with the following command:
 
 &gt; sudo egrep -i '(nopasswd|!authenticate)' /etc/sudoers
 
-If any uncommented lines containing "!authenticate", or "NOPASSWD" are returned and active accounts on the system have valid passwords, this is a finding.</check-content></check></Rule></Group><Group id="V-217113"><title>SRG-OS-000027-GPOS-00008</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217113r902834_rule" weight="10.0" severity="low"><version>SLES-12-010120</version><title>The SUSE operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types.</title><description>&lt;VulnDiscussion&gt;SUSE operating system management includes the ability to control the number of users and user sessions that utilize a SUSE operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to Denial-of-Service (DoS) attacks.
+If any uncommented lines containing "!authenticate", or "NOPASSWD" are returned and active accounts on the system have valid passwords, this is a finding.</check-content></check></Rule></Group><Group id="V-217113"><title>SRG-OS-000027-GPOS-00008</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217113r958398_rule" weight="10.0" severity="low"><version>SLES-12-010120</version><title>The SUSE operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types.</title><description>&lt;VulnDiscussion&gt;SUSE operating system management includes the ability to control the number of users and user sessions that utilize a SUSE operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to Denial-of-Service (DoS) attacks.
 
 This requirement addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. The maximum number of concurrent sessions should be defined based on mission needs and the operational environment for each system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77069</ident><ident system="http://cyber.mil/legacy">SV-91765</ident><ident system="http://cyber.mil/cci">CCI-000054</ident><fixtext fixref="F-18339r902833_fix">Configure the SUSE operating system to limit the number of concurrent sessions to 10 or less for all accounts and/or account types.
 
@@ -360,7 +360,7 @@ The result must contain the following line:
 
 * hard maxlogins 10
 
-If the "maxlogins" item is missing, the line does not begin with a star symbol, or the value is not set to "10" or less, this is a finding.</check-content></check></Rule></Group><Group id="V-217114"><title>SRG-OS-000021-GPOS-00005</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217114r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010130</version><title>The SUSE operating system must lock an account after three consecutive invalid access attempts.</title><description>&lt;VulnDiscussion&gt;By limiting the number of failed access attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+If the "maxlogins" item is missing, the line does not begin with a star symbol, or the value is not set to "10" or less, this is a finding.</check-content></check></Rule></Group><Group id="V-217114"><title>SRG-OS-000021-GPOS-00005</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217114r958388_rule" weight="10.0" severity="medium"><version>SLES-12-010130</version><title>The SUSE operating system must lock an account after three consecutive invalid access attempts.</title><description>&lt;VulnDiscussion&gt;By limiting the number of failed access attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
 The pam_tally2.so module maintains a count of attempted accesses. This includes user name entry into a logon field as well as password entry. With counting access attempts, it is possible to lock an account without presenting a password into the password field. This should be taken into consideration as it poses as an avenue for denial of service.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91767</ident><ident system="http://cyber.mil/legacy">V-77071</ident><ident system="http://cyber.mil/cci">CCI-000044</ident><fixtext fixref="F-36321r602676_fix">Configure the operating system to lock an account when three unsuccessful access attempts occur.
 
@@ -389,7 +389,7 @@ Check that the system resets the failed login attempts counter after a successfu
 # grep pam_tally2.so /etc/pam.d/common-account 
 account required pam_tally2.so 
 
-If the account option is missing, or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217116"><title>SRG-OS-000480-GPOS-00226</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217116r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010140</version><title>The SUSE operating system must enforce a delay of at least four (4) seconds between logon prompts following a failed logon attempt.</title><description>&lt;VulnDiscussion&gt;Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91769</ident><ident system="http://cyber.mil/legacy">V-77073</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18342r369505_fix">Configure the SUSE operating system to enforce a delay of at least four (4) seconds between logon prompts following a failed logon attempt.
+If the account option is missing, or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217116"><title>SRG-OS-000480-GPOS-00226</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217116r991588_rule" weight="10.0" severity="medium"><version>SLES-12-010140</version><title>The SUSE operating system must enforce a delay of at least four (4) seconds between logon prompts following a failed logon attempt.</title><description>&lt;VulnDiscussion&gt;Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91769</ident><ident system="http://cyber.mil/legacy">V-77073</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18342r369505_fix">Configure the SUSE operating system to enforce a delay of at least four (4) seconds between logon prompts following a failed logon attempt.
 
 Add or update the following variable in "/etc/login.defs" to match the line below ("FAIL_DELAY" must have a value of "4" or higher):
 
@@ -400,9 +400,9 @@ Check that the SUSE operating system enforces a delay of at least four (4) secon
 # grep FAIL_DELAY /etc/login.defs
 FAIL_DELAY 4
 
-If the value of "FAIL_DELAY" is not set to "4", "FAIL_DELAY" is commented out, or "FAIL_DELAY" is missing, then this is a finding.</check-content></check></Rule></Group><Group id="V-217117"><title>SRG-OS-000069-GPOS-00037</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217117r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010150</version><title>The SUSE operating system must enforce passwords that contain at least one upper-case character.</title><description>&lt;VulnDiscussion&gt;Use of a complex password helps increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+If the value of "FAIL_DELAY" is not set to "4", "FAIL_DELAY" is commented out, or "FAIL_DELAY" is missing, then this is a finding.</check-content></check></Rule></Group><Group id="V-217117"><title>SRG-OS-000069-GPOS-00037</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217117r1015206_rule" weight="10.0" severity="medium"><version>SLES-12-010150</version><title>The SUSE operating system must enforce passwords that contain at least one upper-case character.</title><description>&lt;VulnDiscussion&gt;Use of a complex password helps increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
-Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77075</ident><ident system="http://cyber.mil/legacy">SV-91771</ident><ident system="http://cyber.mil/cci">CCI-000192</ident><fixtext fixref="F-18343r369508_fix">Configure the SUSE operating system to enforce password complexity by requiring at least one upper-case character.
+Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77075</ident><ident system="http://cyber.mil/legacy">SV-91771</ident><ident system="http://cyber.mil/cci">CCI-000192</ident><ident system="http://cyber.mil/cci">CCI-004066</ident><fixtext fixref="F-18343r369508_fix">Configure the SUSE operating system to enforce password complexity by requiring at least one upper-case character.
 
 Edit "/etc/pam.d/common-password" and edit the line containing "pam_cracklib.so" to contain the option "ucredit=-1" after the third column.</fixtext><fix id="F-18343r369508_fix" /><check system="C-18345r369507_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system enforces password complexity by requiring that at least one upper-case character.
 
@@ -411,9 +411,9 @@ Check that the operating system enforces password complexity by requiring that a
 # grep pam_cracklib.so /etc/pam.d/common-password
 password requisite pam_cracklib.so ucredit=-1
 
-If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "ucredit=-1", this is a finding.</check-content></check></Rule></Group><Group id="V-217118"><title>SRG-OS-000070-GPOS-00038</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217118r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010160</version><title>The SUSE operating system must enforce passwords that contain at least one lower-case character.</title><description>&lt;VulnDiscussion&gt;Use of a complex password helps increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "ucredit=-1", this is a finding.</check-content></check></Rule></Group><Group id="V-217118"><title>SRG-OS-000070-GPOS-00038</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217118r1015207_rule" weight="10.0" severity="medium"><version>SLES-12-010160</version><title>The SUSE operating system must enforce passwords that contain at least one lower-case character.</title><description>&lt;VulnDiscussion&gt;Use of a complex password helps increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
-Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91773</ident><ident system="http://cyber.mil/legacy">V-77077</ident><ident system="http://cyber.mil/cci">CCI-000193</ident><fixtext fixref="F-18344r369511_fix">Configure the SUSE operating system to enforce password complexity by requiring at least one lower-case character.
+Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91773</ident><ident system="http://cyber.mil/legacy">V-77077</ident><ident system="http://cyber.mil/cci">CCI-000193</ident><ident system="http://cyber.mil/cci">CCI-004066</ident><fixtext fixref="F-18344r369511_fix">Configure the SUSE operating system to enforce password complexity by requiring at least one lower-case character.
 
 Edit "/etc/pam.d/common-password" and edit the line containing "pam_cracklib.so" to contain the option "lcredit=-1" after the third column.</fixtext><fix id="F-18344r369511_fix" /><check system="C-18346r369510_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system enforces password complexity by requiring that at least one lower-case character.
 
@@ -422,9 +422,9 @@ Check that the operating system enforces password complexity by requiring that a
 # grep pam_cracklib.so /etc/pam.d/common-password
 password requisite pam_cracklib.so lcredit=-1
 
-If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "lcredit=-1", this is a finding.</check-content></check></Rule></Group><Group id="V-217119"><title>SRG-OS-000071-GPOS-00039</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217119r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010170</version><title>The SUSE operating system must enforce passwords that contain at least one numeric character.</title><description>&lt;VulnDiscussion&gt;Use of a complex password helps increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "lcredit=-1", this is a finding.</check-content></check></Rule></Group><Group id="V-217119"><title>SRG-OS-000071-GPOS-00039</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217119r1015208_rule" weight="10.0" severity="medium"><version>SLES-12-010170</version><title>The SUSE operating system must enforce passwords that contain at least one numeric character.</title><description>&lt;VulnDiscussion&gt;Use of a complex password helps increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
-Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91775</ident><ident system="http://cyber.mil/legacy">V-77079</ident><ident system="http://cyber.mil/cci">CCI-000194</ident><fixtext fixref="F-18345r369514_fix">Configure the SUSE operating system to enforce password complexity by requiring at least one numeric character.
+Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91775</ident><ident system="http://cyber.mil/legacy">V-77079</ident><ident system="http://cyber.mil/cci">CCI-000194</ident><ident system="http://cyber.mil/cci">CCI-004066</ident><fixtext fixref="F-18345r369514_fix">Configure the SUSE operating system to enforce password complexity by requiring at least one numeric character.
 
 Edit "/etc/pam.d/common-password" and edit the line containing "pam_cracklib.so" to contain the option "dcredit=-1" after the third column.</fixtext><fix id="F-18345r369514_fix" /><check system="C-18347r369513_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system enforces password complexity by requiring that at least one numeric character.
 
@@ -433,11 +433,11 @@ Check that the operating system enforces password complexity by requiring that a
 # grep pam_cracklib.so /etc/pam.d/common-password
 password requisite pam_cracklib.so dcredit=-1
 
-If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "dcredit=-1", this is a finding.</check-content></check></Rule></Group><Group id="V-217120"><title>SRG-OS-000266-GPOS-00101</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217120r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010180</version><title>The SUSE operating system must enforce passwords that contain at least one special character.</title><description>&lt;VulnDiscussion&gt;Use of a complex password helps increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "dcredit=-1", this is a finding.</check-content></check></Rule></Group><Group id="V-217120"><title>SRG-OS-000266-GPOS-00101</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217120r1015209_rule" weight="10.0" severity="medium"><version>SLES-12-010180</version><title>The SUSE operating system must enforce passwords that contain at least one special character.</title><description>&lt;VulnDiscussion&gt;Use of a complex password helps increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
 Password complexity is one factor in determining how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
 
-Special characters are not alphanumeric. Examples include: ~ ! @ # $ % ^ *.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91777</ident><ident system="http://cyber.mil/legacy">V-77081</ident><ident system="http://cyber.mil/cci">CCI-001619</ident><fixtext fixref="F-18346r369517_fix">Configure the SUSE operating system to enforce password complexity by requiring at least one special character.
+Special characters are not alphanumeric. Examples include: ~ ! @ # $ % ^ *.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91777</ident><ident system="http://cyber.mil/legacy">V-77081</ident><ident system="http://cyber.mil/cci">CCI-001619</ident><ident system="http://cyber.mil/cci">CCI-004066</ident><fixtext fixref="F-18346r369517_fix">Configure the SUSE operating system to enforce password complexity by requiring at least one special character.
 
 Edit "/etc/pam.d/common-password" and edit the line containing "pam_cracklib.so" to contain the option "ocredit=-1" after the third column.</fixtext><fix id="F-18346r369517_fix" /><check system="C-18348r369516_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system enforces password complexity by requiring that at least one special character.
 
@@ -446,9 +446,9 @@ Check that the operating system enforces password complexity by requiring that a
 # grep pam_cracklib.so /etc/pam.d/common-password
 password requisite pam_cracklib.so ocredit=-1
 
-If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "ocredit=-1", this is a finding.</check-content></check></Rule></Group><Group id="V-217121"><title>SRG-OS-000072-GPOS-00040</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217121r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010190</version><title>The SUSE operating system must require the change of at least eight (8) of the total number of characters when passwords are changed.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at guessing and brute-force attacks.
+If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "ocredit=-1", this is a finding.</check-content></check></Rule></Group><Group id="V-217121"><title>SRG-OS-000072-GPOS-00040</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217121r1015210_rule" weight="10.0" severity="medium"><version>SLES-12-010190</version><title>The SUSE operating system must require the change of at least eight (8) of the total number of characters when passwords are changed.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at guessing and brute-force attacks.
 
-The number of changed characters refers to the number of changes required with respect to the total number of positions in the current password. In other words, characters may be the same within the two passwords; however, the positions of the like characters must be different.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91783</ident><ident system="http://cyber.mil/legacy">V-77087</ident><ident system="http://cyber.mil/cci">CCI-000195</ident><fixtext fixref="F-18347r369520_fix">Configure the SUSE operating system to require at least eight characters be changed between the old and new passwords during a password change with the following command:
+The number of changed characters refers to the number of changes required with respect to the total number of positions in the current password. In other words, characters may be the same within the two passwords; however, the positions of the like characters must be different.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91783</ident><ident system="http://cyber.mil/legacy">V-77087</ident><ident system="http://cyber.mil/cci">CCI-000195</ident><ident system="http://cyber.mil/cci">CCI-004066</ident><fixtext fixref="F-18347r369520_fix">Configure the SUSE operating system to require at least eight characters be changed between the old and new passwords during a password change with the following command:
 
 Edit "/etc/pam.d/common-password" and edit the line containing "pam_cracklib.so" to contain the option "difok=8" after the third column.</fixtext><fix id="F-18347r369520_fix" /><check system="C-18349r369519_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system requires at least eight (8) characters be changed between the old and new passwords during a password change.
 
@@ -457,7 +457,7 @@ Check that the operating system requires at least eight (8) characters be change
 # grep pam_cracklib.so /etc/pam.d/common-password
 password requisite pam_cracklib.so difok=8
 
-If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "difok", or the value is less than "8", this is a finding.</check-content></check></Rule></Group><Group id="V-217122"><title>SRG-OS-000120-GPOS-00061</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217122r646689_rule" weight="10.0" severity="medium"><version>SLES-12-010210</version><title>The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs).</title><description>&lt;VulnDiscussion&gt;Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied on to provide confidentiality or integrity, and DoD data may be compromised.
+If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "difok", or the value is less than "8", this is a finding.</check-content></check></Rule></Group><Group id="V-217122"><title>SRG-OS-000120-GPOS-00061</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217122r971535_rule" weight="10.0" severity="medium"><version>SLES-12-010210</version><title>The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs).</title><description>&lt;VulnDiscussion&gt;Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied on to provide confidentiality or integrity, and DoD data may be compromised.
 
 SUSE operating systems using encryption are required to use FIPS-compliant mechanisms for authenticating to cryptographic modules. 
 
@@ -473,11 +473,11 @@ Check the value of "ENCRYPT_METHOD" value in "/etc/login.defs" with the followin
 
 ENCRYPT_METHOD SHA512
 
-If "ENCRYPT_METHOD" is not set to "SHA512", if any values other that "SHA512" are configured, or if no output is produced, this is a finding.</check-content></check></Rule></Group><Group id="V-217123"><title>SRG-OS-000073-GPOS-00041</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217123r877397_rule" weight="10.0" severity="medium"><version>SLES-12-010220</version><title>The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.</title><description>&lt;VulnDiscussion&gt;The system must use a strong hashing algorithm to store the password. The system must use a sufficient number of hashing rounds to ensure the required level of entropy.
+If "ENCRYPT_METHOD" is not set to "SHA512", if any values other that "SHA512" are configured, or if no output is produced, this is a finding.</check-content></check></Rule></Group><Group id="V-217123"><title>SRG-OS-000073-GPOS-00041</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217123r1015211_rule" weight="10.0" severity="medium"><version>SLES-12-010220</version><title>The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.</title><description>&lt;VulnDiscussion&gt;The system must use a strong hashing algorithm to store the password. The system must use a sufficient number of hashing rounds to ensure the required level of entropy.
 
 Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
 
-Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77099</ident><ident system="http://cyber.mil/legacy">SV-91795</ident><ident system="http://cyber.mil/cci">CCI-000803</ident><ident system="http://cyber.mil/cci">CCI-000196</ident><fixtext fixref="F-18349r646691_fix">Configure the SUSE operating system to encrypt all stored passwords with a strong cryptographic hash.
+Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77099</ident><ident system="http://cyber.mil/legacy">SV-91795</ident><ident system="http://cyber.mil/cci">CCI-000803</ident><ident system="http://cyber.mil/cci">CCI-000196</ident><ident system="http://cyber.mil/cci">CCI-004062</ident><fixtext fixref="F-18349r646691_fix">Configure the SUSE operating system to encrypt all stored passwords with a strong cryptographic hash.
 
 Edit/modify the following line in the "/etc/login.defs" file and set "ENCRYPT_METHOD" to have a value of "SHA512".
 
@@ -493,9 +493,9 @@ $6$kcOnRq/5$NUEYPuyL.wghQwWssXRcLRFiiru7f5JPV6GaJhNC2aK5F3PZpE/BCCtwrxRc/AInKMNX
 
 Password hashes "!" or "*" indicate inactive accounts not available for logon and are not evaluated. 
 
-If any interactive user password hash does not begin with "$6", this is a finding.</check-content></check></Rule></Group><Group id="V-217124"><title>SRG-OS-000073-GPOS-00041</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217124r877397_rule" weight="10.0" severity="medium"><version>SLES-12-010230</version><title>The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords.</title><description>&lt;VulnDiscussion&gt;Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
+If any interactive user password hash does not begin with "$6", this is a finding.</check-content></check></Rule></Group><Group id="V-217124"><title>SRG-OS-000073-GPOS-00041</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217124r1015212_rule" weight="10.0" severity="medium"><version>SLES-12-010230</version><title>The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords.</title><description>&lt;VulnDiscussion&gt;Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
 
-Satisfies: SRG-OS-000120-GPOS-00061&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77105</ident><ident system="http://cyber.mil/legacy">SV-91801</ident><ident system="http://cyber.mil/cci">CCI-000196</ident><ident system="http://cyber.mil/cci">CCI-000803</ident><fixtext fixref="F-18350r369529_fix">Configure the SUSE operating system Linux PAM to only store encrypted representations of passwords. All account passwords must be hashed with SHA512 encryption strength.
+Satisfies: SRG-OS-000120-GPOS-00061&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77105</ident><ident system="http://cyber.mil/legacy">SV-91801</ident><ident system="http://cyber.mil/cci">CCI-000196</ident><ident system="http://cyber.mil/cci">CCI-004062</ident><ident system="http://cyber.mil/cci">CCI-000803</ident><fixtext fixref="F-18350r369529_fix">Configure the SUSE operating system Linux PAM to only store encrypted representations of passwords. All account passwords must be hashed with SHA512 encryption strength.
 
 Edit "/etc/pam.d/common-password" and edit the line containing "pam_unix.so" to contain the SHA512 keyword after third column. Remove the "nullok" option.</fixtext><fix id="F-18350r369529_fix" /><check system="C-18352r369528_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system configures the Linux PAM to only store encrypted representations of passwords. All account passwords must be hashed with SHA512 encryption strength.
 
@@ -504,7 +504,7 @@ Check that PAM is configured to create SHA512 hashed passwords by running the fo
 # grep pam_unix.so /etc/pam.d/common-password
 password required pam_unix.so sha512
 
-If the command does not return anything or the returned line is commented out, has a second column value different from "required", or does not contain "sha512", this is a finding.</check-content></check></Rule></Group><Group id="V-217125"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217125r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010231</version><title>The SUSE operating system must not be configured to allow blank or null passwords.</title><description>&lt;VulnDiscussion&gt; Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-81785</ident><ident system="http://cyber.mil/legacy">SV-96499</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18351r369532_fix">Configure the SUSE operating system to not allow blank or null passwords.
+If the command does not return anything or the returned line is commented out, has a second column value different from "required", or does not contain "sha512", this is a finding.</check-content></check></Rule></Group><Group id="V-217125"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217125r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010231</version><title>The SUSE operating system must not be configured to allow blank or null passwords.</title><description>&lt;VulnDiscussion&gt; Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-81785</ident><ident system="http://cyber.mil/legacy">SV-96499</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18351r369532_fix">Configure the SUSE operating system to not allow blank or null passwords.
 
 Remove any instances of the "nullok" option in "/etc/pam.d/common-auth" and "/etc/pam.d/common-password" to prevent logons with empty passwords.</fixtext><fix id="F-18351r369532_fix" /><check system="C-18353r369531_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating is not configured to allow blank or null passwords.
 
@@ -513,11 +513,11 @@ Check that blank or null passwords cannot be used by running the following comma
 # grep pam_unix.so /etc/pam.d/* | grep nullok
 If this produces any output, it may be possible to log on with accounts with empty passwords.
 
-If null passwords can be used, this is a finding.</check-content></check></Rule></Group><Group id="V-217126"><title>SRG-OS-000073-GPOS-00041</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217126r877397_rule" weight="10.0" severity="medium"><version>SLES-12-010240</version><title>The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.</title><description>&lt;VulnDiscussion&gt;The system must use a strong hashing algorithm to store the password. The system must use a sufficient number of hashing rounds to ensure the required level of entropy.
+If null passwords can be used, this is a finding.</check-content></check></Rule></Group><Group id="V-217126"><title>SRG-OS-000073-GPOS-00041</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217126r1015213_rule" weight="10.0" severity="medium"><version>SLES-12-010240</version><title>The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.</title><description>&lt;VulnDiscussion&gt;The system must use a strong hashing algorithm to store the password. The system must use a sufficient number of hashing rounds to ensure the required level of entropy.
 
 Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
 
-Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77107</ident><ident system="http://cyber.mil/legacy">SV-91803</ident><ident system="http://cyber.mil/cci">CCI-000803</ident><ident system="http://cyber.mil/cci">CCI-000196</ident><fixtext fixref="F-18352r369535_fix">Configure the SUSE operating system to encrypt all stored passwords with a strong cryptographic hash.
+Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77107</ident><ident system="http://cyber.mil/legacy">SV-91803</ident><ident system="http://cyber.mil/cci">CCI-000803</ident><ident system="http://cyber.mil/cci">CCI-000196</ident><ident system="http://cyber.mil/cci">CCI-004062</ident><fixtext fixref="F-18352r369535_fix">Configure the SUSE operating system to encrypt all stored passwords with a strong cryptographic hash.
 
 Edit/modify the following line in the "/etc/login.defs" file and set "SHA_CRYPT_MIN_ROUNDS" to a value no lower than "5000":
 
@@ -529,9 +529,9 @@ egrep "^SHA_CRYPT_" /etc/login.defs
 
 If only one of "SHA_CRYPT_MIN_ROUNDS" or "SHA_CRYPT_MAX_ROUNDS" is set, and this value is below "5000", this is a finding.
 
-If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.</check-content></check></Rule></Group><Group id="V-217127"><title>SRG-OS-000078-GPOS-00046</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217127r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010250</version><title>The SUSE operating system must employ passwords with a minimum of 15 characters.</title><description>&lt;VulnDiscussion&gt;The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
+If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.</check-content></check></Rule></Group><Group id="V-217127"><title>SRG-OS-000078-GPOS-00046</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217127r1015214_rule" weight="10.0" severity="medium"><version>SLES-12-010250</version><title>The SUSE operating system must employ passwords with a minimum of 15 characters.</title><description>&lt;VulnDiscussion&gt;The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
 
-Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps determine strength and how long it takes to crack a password. Use of more characters in a password helps exponentially increase the time and/or resources required to compromise the password.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91805</ident><ident system="http://cyber.mil/legacy">V-77109</ident><ident system="http://cyber.mil/cci">CCI-000205</ident><fixtext fixref="F-18353r369538_fix">Configure the SUSE operating system to enforce a minimum 15-character password length.
+Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps determine strength and how long it takes to crack a password. Use of more characters in a password helps exponentially increase the time and/or resources required to compromise the password.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91805</ident><ident system="http://cyber.mil/legacy">V-77109</ident><ident system="http://cyber.mil/cci">CCI-000205</ident><ident system="http://cyber.mil/cci">CCI-004066</ident><fixtext fixref="F-18353r369538_fix">Configure the SUSE operating system to enforce a minimum 15-character password length.
 
 Edit "/etc/pam.d/common-password" and edit the line containing "pam_cracklib.so" to contain the option "minlen=15" after the third column.
 
@@ -542,7 +542,7 @@ Check that the operating system enforces a minimum 15-character password length
 # grep pam_cracklib.so /etc/pam.d/common-password
 password requisite pam_cracklib.so minlen=15
 
-If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "minlen" value, or the value is less than "15", this is a finding.</check-content></check></Rule></Group><Group id="V-217128"><title>SRG-OS-000075-GPOS-00043</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217128r646695_rule" weight="10.0" severity="medium"><version>SLES-12-010260</version><title>The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day).</title><description>&lt;VulnDiscussion&gt;Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77111</ident><ident system="http://cyber.mil/legacy">SV-91807</ident><ident system="http://cyber.mil/cci">CCI-000198</ident><fixtext fixref="F-18354r646694_fix">Configure the SUSE operating system to enforce 24 hours/one day or greater as the minimum password age.
+If the command does not return anything, the returned line is commented out, or has a second column value different from "requisite", or does not contain "minlen" value, or the value is less than "15", this is a finding.</check-content></check></Rule></Group><Group id="V-217128"><title>SRG-OS-000075-GPOS-00043</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217128r1015215_rule" weight="10.0" severity="medium"><version>SLES-12-010260</version><title>The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day).</title><description>&lt;VulnDiscussion&gt;Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77111</ident><ident system="http://cyber.mil/legacy">SV-91807</ident><ident system="http://cyber.mil/cci">CCI-000198</ident><ident system="http://cyber.mil/cci">CCI-004066</ident><fixtext fixref="F-18354r646694_fix">Configure the SUSE operating system to enforce 24 hours/one day or greater as the minimum password age.
 
 Edit the file "/etc/login.defs" and add or correct the following line. Replace [DAYS] with the appropriate amount of days:
 
@@ -556,7 +556,7 @@ Check that the SUSE operating system enforces 24 hours/one day as the minimum pa
 
 PASS_MIN_DAYS 1
 
-If no output is produced, or if "PASS_MIN_DAYS" does not have a value of "1" or greater, this is a finding.</check-content></check></Rule></Group><Group id="V-217129"><title>SRG-OS-000075-GPOS-00043</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217129r646698_rule" weight="10.0" severity="medium"><version>SLES-12-010270</version><title>The SUSE operating system must employ user passwords with a minimum lifetime of 24 hours (one day).</title><description>&lt;VulnDiscussion&gt;Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91809</ident><ident system="http://cyber.mil/legacy">V-77113</ident><ident system="http://cyber.mil/cci">CCI-000198</ident><fixtext fixref="F-18355r646697_fix">Configure the SUSE operating system to enforce 24 hours/one day or greater as the minimum password age for user accounts.
+If no output is produced, or if "PASS_MIN_DAYS" does not have a value of "1" or greater, this is a finding.</check-content></check></Rule></Group><Group id="V-217129"><title>SRG-OS-000075-GPOS-00043</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217129r1015216_rule" weight="10.0" severity="medium"><version>SLES-12-010270</version><title>The SUSE operating system must employ user passwords with a minimum lifetime of 24 hours (one day).</title><description>&lt;VulnDiscussion&gt;Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91809</ident><ident system="http://cyber.mil/legacy">V-77113</ident><ident system="http://cyber.mil/cci">CCI-000198</ident><ident system="http://cyber.mil/cci">CCI-004066</ident><fixtext fixref="F-18355r646697_fix">Configure the SUSE operating system to enforce 24 hours/one day or greater as the minimum password age for user accounts.
 
 Change the minimum time period between password changes for each [USER] account to "1" day with the command, replacing [USER] with the user account that must be changed:
 
@@ -568,7 +568,7 @@ Check the minimum time period between password changes for each user account wit
 
 smithj:1
 
-If any results are returned that are not associated with a system account, this is a finding.</check-content></check></Rule></Group><Group id="V-217130"><title>SRG-OS-000076-GPOS-00044</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217130r646701_rule" weight="10.0" severity="medium"><version>SLES-12-010280</version><title>The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.</title><description>&lt;VulnDiscussion&gt;Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the SUSE operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the SUSE operating system passwords could be compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91811</ident><ident system="http://cyber.mil/legacy">V-77115</ident><ident system="http://cyber.mil/cci">CCI-000199</ident><fixtext fixref="F-18356r646700_fix">Configure the SUSE operating system to enforce a maximum password age of 60 days or less.
+If any results are returned that are not associated with a system account, this is a finding.</check-content></check></Rule></Group><Group id="V-217130"><title>SRG-OS-000076-GPOS-00044</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217130r1015217_rule" weight="10.0" severity="medium"><version>SLES-12-010280</version><title>The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.</title><description>&lt;VulnDiscussion&gt;Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the SUSE operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the SUSE operating system passwords could be compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91811</ident><ident system="http://cyber.mil/legacy">V-77115</ident><ident system="http://cyber.mil/cci">CCI-000199</ident><ident system="http://cyber.mil/cci">CCI-004066</ident><fixtext fixref="F-18356r646700_fix">Configure the SUSE operating system to enforce a maximum password age of 60 days or less.
 
 Edit the file "/etc/login.defs" and add or correct the following line. Replace [DAYS] with the appropriate amount of days:
 
@@ -582,7 +582,7 @@ Check that the SUSE operating system enforces 60 days or less as the maximum pas
 
 The DoD requirement is "60" days or less (greater than zero, as zero days will lock the account immediately).
 
-If no output is produced, or if PASS_MAX_DAYS is not set to "60" days or less, this is a finding.</check-content></check></Rule></Group><Group id="V-217131"><title>SRG-OS-000076-GPOS-00044</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217131r646704_rule" weight="10.0" severity="medium"><version>SLES-12-010290</version><title>The SUSE operating system must employ user passwords with a maximum lifetime of 60 days.</title><description>&lt;VulnDiscussion&gt;Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the SUSE operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the SUSE operating system passwords could be compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91813</ident><ident system="http://cyber.mil/legacy">V-77117</ident><ident system="http://cyber.mil/cci">CCI-000199</ident><fixtext fixref="F-18357r646703_fix">Configure the SUSE operating system to enforce a maximum password age of each [USER] account to 60 days. The command in the check text will give a list of users that need to be updated to be in compliance:
+If no output is produced, or if PASS_MAX_DAYS is not set to "60" days or less, this is a finding.</check-content></check></Rule></Group><Group id="V-217131"><title>SRG-OS-000076-GPOS-00044</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217131r1015218_rule" weight="10.0" severity="medium"><version>SLES-12-010290</version><title>The SUSE operating system must employ user passwords with a maximum lifetime of 60 days.</title><description>&lt;VulnDiscussion&gt;Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the SUSE operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the SUSE operating system passwords could be compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91813</ident><ident system="http://cyber.mil/legacy">V-77117</ident><ident system="http://cyber.mil/cci">CCI-000199</ident><ident system="http://cyber.mil/cci">CCI-004066</ident><fixtext fixref="F-18357r646703_fix">Configure the SUSE operating system to enforce a maximum password age of each [USER] account to 60 days. The command in the check text will give a list of users that need to be updated to be in compliance:
 
 &gt; sudo passwd -x 60 [USER]
 
@@ -592,29 +592,7 @@ Check that the SUSE operating system enforces 60 days or less as the maximum use
 
 &gt; sudo awk -F: '$5 &gt; 60 || $5 == "" {print $1 ":" $5}' /etc/shadow
 
-If any results are returned that are not associated with a system account, this is a finding.</check-content></check></Rule></Group><Group id="V-217132"><title>SRG-OS-000077-GPOS-00045</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217132r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010300</version><title>The SUSE operating system must employ a password history file.</title><description>&lt;VulnDiscussion&gt;Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91815</ident><ident system="http://cyber.mil/legacy">V-77119</ident><ident system="http://cyber.mil/cci">CCI-000200</ident><fixtext fixref="F-18358r369553_fix">Configure the SUSE operating system to create the password history file with the following commands:
-
-# sudo touch /etc/security/opasswd
-# sudo chown root:root /etc/security/opasswd
-# sudo chmod 0600 /etc/security/opasswd</fixtext><fix id="F-18358r369553_fix" /><check system="C-18360r369552_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the password history file exists on the SUSE operating system.
-
-Check that the password history file exists with the following command:
-
-# ls -al /etc/security/opasswd
-
--rw------- 1 root root 7 Dec 13 17:21 /etc/security/opasswd
-
-If "/etc/security/opasswd" does not exist, this is a finding.</check-content></check></Rule></Group><Group id="V-217133"><title>SRG-OS-000077-GPOS-00045</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217133r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010310</version><title>The SUSE operating system must not allow passwords to be reused for a minimum of five (5) generations.</title><description>&lt;VulnDiscussion&gt;Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77121</ident><ident system="http://cyber.mil/legacy">SV-91817</ident><ident system="http://cyber.mil/cci">CCI-000200</ident><fixtext fixref="F-18359r369556_fix">Configure the SUSE operating system password history to prohibit the reuse of a password for a minimum of five generations.
-
-Edit "/etc/pam.d/common-password" and edit the line containing "pam_pwhistory.so" to contain the option "remember=5 use_authtok" after the third column.</fixtext><fix id="F-18359r369556_fix" /><check system="C-18361r369555_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system prohibits the reuse of a password for a minimum of five (5) generations.
-
-Check that the SUSE operating system prohibits the reuse of a password for a minimum of five (5) generations with the following command:
-
-# grep pam_pwhistory.so /etc/pam.d/common-password
-
-password requisite pam_pwhistory.so remember=5 use_authtok
-
-If the command does not return a result, or the returned line is commented out, has a second column value different from "requisite", does not contain "remember" value, the value is less than "5", or is missing the "use_authtok" keyword, this is a finding.</check-content></check></Rule></Group><Group id="V-217134"><title>SRG-OS-000480-GPOS-00225</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217134r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010320</version><title>The SUSE operating system must prevent the use of dictionary words for passwords.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91819</ident><ident system="http://cyber.mil/legacy">V-77123</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18360r369559_fix">Configure the SUSE operating system to prevent the use of dictionary words for passwords.
+If any results are returned that are not associated with a system account, this is a finding.</check-content></check></Rule></Group><Group id="V-217134"><title>SRG-OS-000480-GPOS-00225</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217134r991587_rule" weight="10.0" severity="medium"><version>SLES-12-010320</version><title>The SUSE operating system must prevent the use of dictionary words for passwords.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91819</ident><ident system="http://cyber.mil/legacy">V-77123</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18360r369559_fix">Configure the SUSE operating system to prevent the use of dictionary words for passwords.
 
 Edit "/etc/pam.d/common-password" and add the following line:
 
@@ -627,7 +605,7 @@ password requisite pam_cracklib.so retry=3
 
 If the command does not return anything, or the returned line is commented out, this is a finding.
 
-If the value of "retry" is greater than 3, this is a finding.</check-content></check></Rule></Group><Group id="V-217135"><title>SRG-OS-000123-GPOS-00064</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217135r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010330</version><title>The SUSE operating system must never automatically remove or disable emergency administrator accounts.</title><description>&lt;VulnDiscussion&gt;Emergency accounts are privileged accounts that are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If these accounts are automatically disabled, system maintenance during emergencies may not be possible, thus adversely affecting system availability. 
+If the value of "retry" is greater than 3, this is a finding.</check-content></check></Rule></Group><Group id="V-217135"><title>SRG-OS-000123-GPOS-00064</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217135r958508_rule" weight="10.0" severity="medium"><version>SLES-12-010330</version><title>The SUSE operating system must never automatically remove or disable emergency administrator accounts.</title><description>&lt;VulnDiscussion&gt;Emergency accounts are privileged accounts that are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If these accounts are automatically disabled, system maintenance during emergencies may not be possible, thus adversely affecting system availability. 
 
 Emergency accounts are different from infrequently used accounts (i.e., local logon accounts used by the organization's system administrators when network or normal logon/access is not available). Infrequently used accounts are not subject to automatic termination dates. Emergency accounts are accounts created in response to crisis situations, usually for use by maintenance personnel. The automatic expiration or disabling time period may be extended as needed until the crisis is resolved; however, it must not be extended indefinitely. A permanent account should be established for privileged users who need long-term maintenance accounts.
 
@@ -645,9 +623,9 @@ Check to see if the root account password or account expires with the following
 
 Password expires:never
 
-If "Password expires" or "Account expires" is set to anything other than "never", this is a finding.</check-content></check></Rule></Group><Group id="V-217136"><title>SRG-OS-000118-GPOS-00060</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217136r928528_rule" weight="10.0" severity="medium"><version>SLES-12-010340</version><title>The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.</title><description>&lt;VulnDiscussion&gt;Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained.
+If "Password expires" or "Account expires" is set to anything other than "never", this is a finding.</check-content></check></Rule></Group><Group id="V-217136"><title>SRG-OS-000118-GPOS-00060</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217136r1015219_rule" weight="10.0" severity="medium"><version>SLES-12-010340</version><title>The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.</title><description>&lt;VulnDiscussion&gt;Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained.
 
-The SUSE operating system needs to track periods of inactivity and disable application identifiers after 35 days of inactivity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77127</ident><ident system="http://cyber.mil/legacy">SV-91823</ident><ident system="http://cyber.mil/cci">CCI-000795</ident><fixtext fixref="F-18362r928527_fix">Configure the SUSE operating system to disable account identifiers after 35 days of inactivity since the password expiration. 
+The SUSE operating system needs to track periods of inactivity and disable application identifiers after 35 days of inactivity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77127</ident><ident system="http://cyber.mil/legacy">SV-91823</ident><ident system="http://cyber.mil/cci">CCI-000795</ident><ident system="http://cyber.mil/cci">CCI-003627</ident><fixtext fixref="F-18362r928527_fix">Configure the SUSE operating system to disable account identifiers after 35 days of inactivity since the password expiration. 
 
 Run the following command to change the configuration for "useradd" to disable the account identifier after 35 days:
 
@@ -661,7 +639,7 @@ Check the account inactivity value by performing the following command:
 
 INACTIVE=35
 
-If "INACTIVE" is not set to a value greater than "0" and less than or equal to "35", this is a finding.</check-content></check></Rule></Group><Group id="V-217138"><title>SRG-OS-000480-GPOS-00226</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217138r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010370</version><title>The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.</title><description>&lt;VulnDiscussion&gt;Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91827</ident><ident system="http://cyber.mil/legacy">V-77131</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18364r369571_fix">Configure the SUSE operating system to enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
+If "INACTIVE" is not set to a value greater than "0" and less than or equal to "35", this is a finding.</check-content></check></Rule></Group><Group id="V-217138"><title>SRG-OS-000480-GPOS-00226</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217138r991588_rule" weight="10.0" severity="medium"><version>SLES-12-010370</version><title>The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.</title><description>&lt;VulnDiscussion&gt;Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91827</ident><ident system="http://cyber.mil/legacy">V-77131</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18364r369571_fix">Configure the SUSE operating system to enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
 
 Edit the file "/etc/pam.d/common-auth".
 
@@ -673,7 +651,7 @@ auth required pam_faildelay.so delay=4000000</fixtext><fix id="F-18364r369571_fi
 # grep pam_faildelay /etc/pam.d/common-auth*
 auth required pam_faildelay.so delay=4000000
 
-If the value of "delay" is not set to "4000000" or greater, "delay" is commented out, "delay" is missing, or the "pam_faildelay" line is missing completely, this is a finding.</check-content></check></Rule></Group><Group id="V-217139"><title>SRG-OS-000480-GPOS-00229</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217139r877377_rule" weight="10.0" severity="high"><version>SLES-12-010380</version><title>The SUSE operating system must not allow unattended or automatic logon via the graphical user interface.</title><description>&lt;VulnDiscussion&gt;Failure to restrict system access to authenticated users negatively impacts SUSE operating system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91829</ident><ident system="http://cyber.mil/legacy">V-77133</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18365r646706_fix">Note: If a graphical user interface is not installed, this requirement is Not Applicable.
+If the value of "delay" is not set to "4000000" or greater, "delay" is commented out, "delay" is missing, or the "pam_faildelay" line is missing completely, this is a finding.</check-content></check></Rule></Group><Group id="V-217139"><title>SRG-OS-000480-GPOS-00229</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217139r991591_rule" weight="10.0" severity="high"><version>SLES-12-010380</version><title>The SUSE operating system must not allow unattended or automatic logon via the graphical user interface.</title><description>&lt;VulnDiscussion&gt;Failure to restrict system access to authenticated users negatively impacts SUSE operating system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91829</ident><ident system="http://cyber.mil/legacy">V-77133</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18365r646706_fix">Note: If a graphical user interface is not installed, this requirement is Not Applicable.
 
 Configure the SUSE operating system graphical user interface to not allow unattended or automatic logon to the system.
 
@@ -696,7 +674,7 @@ DISPLAYMANAGER_PASSWORD_LESS_LOGIN="no"
 
 If the "DISPLAYMANAGER_AUTOLOGIN" parameter includes a username or the
 "DISPLAYMANAGER_PASSWORD_LESS_LOGIN" parameter is not set to "no", this is a
-finding.</check-content></check></Rule></Group><Group id="V-217140"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217140r858540_rule" weight="10.0" severity="low"><version>SLES-12-010390</version><title>The SUSE operating system must display the date and time of the last successful account logon upon logon.</title><description>&lt;VulnDiscussion&gt;Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91831</ident><ident system="http://cyber.mil/legacy">V-77135</ident><ident system="http://cyber.mil/cci">CCI-000052</ident><fixtext fixref="F-18366r369577_fix">Configure the SUSE operating system to provide users with feedback on when account accesses last occurred by setting the required configuration options in "/etc/pam.d/login". 
+finding.</check-content></check></Rule></Group><Group id="V-217140"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217140r991589_rule" weight="10.0" severity="low"><version>SLES-12-010390</version><title>The SUSE operating system must display the date and time of the last successful account logon upon logon.</title><description>&lt;VulnDiscussion&gt;Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91831</ident><ident system="http://cyber.mil/legacy">V-77135</ident><ident system="http://cyber.mil/cci">CCI-000052</ident><fixtext fixref="F-18366r369577_fix">Configure the SUSE operating system to provide users with feedback on when account accesses last occurred by setting the required configuration options in "/etc/pam.d/login". 
 
 Add the following line to the top of "/etc/pam.d/login":
 
@@ -708,7 +686,7 @@ Check that "pam_lastlog" is used and not silent with the following command:
 
 session required pam_lastlog.so showfailed 
 
-If "pam_lastlog" is missing from "/etc/pam.d/login" file, the "silent" option is present, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217141"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217141r603262_rule" weight="10.0" severity="high"><version>SLES-12-010400</version><title>There must be no .shosts files on the SUSE operating system.</title><description>&lt;VulnDiscussion&gt;The .shosts files are used to configure host-based authentication for individual users or the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77137</ident><ident system="http://cyber.mil/legacy">SV-91833</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18367r369580_fix">Remove any ".shosts" files found on the SUSE operating system.
+If "pam_lastlog" is missing from "/etc/pam.d/login" file, the "silent" option is present, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217141"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217141r991589_rule" weight="10.0" severity="high"><version>SLES-12-010400</version><title>There must be no .shosts files on the SUSE operating system.</title><description>&lt;VulnDiscussion&gt;The .shosts files are used to configure host-based authentication for individual users or the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77137</ident><ident system="http://cyber.mil/legacy">SV-91833</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18367r369580_fix">Remove any ".shosts" files found on the SUSE operating system.
 
 # rm /[path]/[to]/[file]/.shosts</fixtext><fix id="F-18367r369580_fix" /><check system="C-18369r369579_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify there are no ".shosts" files on the SUSE operating system.
 
@@ -716,7 +694,7 @@ Check the system for the existence of these files with the following command:
 
 # find / -name '.shosts'
 
-If any ".shosts" files are found on the system, this is a finding.</check-content></check></Rule></Group><Group id="V-217142"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217142r603262_rule" weight="10.0" severity="high"><version>SLES-12-010410</version><title>There must be no shosts.equiv files on the SUSE operating system.</title><description>&lt;VulnDiscussion&gt;The shosts.equiv files are used to configure host-based authentication for the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77139</ident><ident system="http://cyber.mil/legacy">SV-91835</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18368r369583_fix">Remove any "shosts.equiv" files found on the SUSE operating system.
+If any ".shosts" files are found on the system, this is a finding.</check-content></check></Rule></Group><Group id="V-217142"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217142r991589_rule" weight="10.0" severity="high"><version>SLES-12-010410</version><title>There must be no shosts.equiv files on the SUSE operating system.</title><description>&lt;VulnDiscussion&gt;The shosts.equiv files are used to configure host-based authentication for the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77139</ident><ident system="http://cyber.mil/legacy">SV-91835</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18368r369583_fix">Remove any "shosts.equiv" files found on the SUSE operating system.
 
 # rm /[path]/[to]/[file]/shosts.equiv</fixtext><fix id="F-18368r369583_fix" /><check system="C-18370r369582_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify there are no "shosts.equiv" files on the SUSE operating system.
 
@@ -724,7 +702,7 @@ Check the system for the existence of these files with the following command:
 
 # find /etc -name shosts.equiv
 
-If any "shosts.equiv" files are found on the system, this is a finding.</check-content></check></Rule></Group><Group id="V-217143"><title>SRG-OS-000478-GPOS-00223</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217143r877466_rule" weight="10.0" severity="medium"><version>SLES-12-010420</version><title>FIPS 140-2 mode must be enabled on the SUSE operating system.</title><description>&lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The SUSE operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
+If any "shosts.equiv" files are found on the system, this is a finding.</check-content></check></Rule></Group><Group id="V-217143"><title>SRG-OS-000478-GPOS-00223</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217143r959006_rule" weight="10.0" severity="medium"><version>SLES-12-010420</version><title>FIPS 140-2 mode must be enabled on the SUSE operating system.</title><description>&lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The SUSE operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
 
 Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000478-GPOS-00223&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91837</ident><ident system="http://cyber.mil/legacy">V-77141</ident><ident system="http://cyber.mil/cci">CCI-002450</ident><fixtext fixref="F-18369r369586_fix">To configure the SUSE operating system to run in FIPS mode, add "fips=1" to the kernel parameter during the SUSE operating system install.
 
@@ -736,7 +714,7 @@ http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2435.pdf</fixtex
 
 1
 
-If nothing is returned, the file does not exist, or the value returned is "0", this is a finding.</check-content></check></Rule></Group><Group id="V-217144"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217144r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010430</version><title>SUSE operating systems with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes.</title><description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
+If nothing is returned, the file does not exist, or the value returned is "0", this is a finding.</check-content></check></Rule></Group><Group id="V-217144"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217144r958472_rule" weight="10.0" severity="medium"><version>SLES-12-010430</version><title>SUSE operating systems with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes.</title><description>&lt;VulnDiscussion&gt;To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-approved PKIs, all DoD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
 
 Access control policies include identity-based policies, role-based policies, and attribute-based policies. Access enforcement mechanisms include access control lists, access control matrices, and cryptography. These policies and mechanisms must be employed by the application to control access between users (or processes acting on behalf of users) and objects (e.g., devices, files, records, processes, programs, and domains) in the information system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77143</ident><ident system="http://cyber.mil/legacy">SV-91839</ident><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-18370r369589_fix">Note: If the system does not use a basic input/output system (BIOS) this requirement is Not Applicable.
 
@@ -769,7 +747,7 @@ Check that the encrypted password is set for a boot user with the following comm
 
 password_pbkdf2 boot grub.pbkdf2.sha512.10000.VeryLongString
 
-If the boot user password entry does not begin with "password_pbkdf2", this is a finding.</check-content></check></Rule></Group><Group id="V-217145"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217145r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010440</version><title>SUSE operating systems with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.</title><description>&lt;VulnDiscussion&gt;If the system allows a user to boot into single-user or maintenance mode without authentication, any user that invokes single-user or maintenance mode is granted privileged access to all system information.
+If the boot user password entry does not begin with "password_pbkdf2", this is a finding.</check-content></check></Rule></Group><Group id="V-217145"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217145r958472_rule" weight="10.0" severity="medium"><version>SLES-12-010440</version><title>SUSE operating systems with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.</title><description>&lt;VulnDiscussion&gt;If the system allows a user to boot into single-user or maintenance mode without authentication, any user that invokes single-user or maintenance mode is granted privileged access to all system information.
 
 If the system is running in EFI mode, SLES 12 by default will use GRUB 2 EFI as the boot loader.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91841</ident><ident system="http://cyber.mil/legacy">V-77145</ident><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-18371r369592_fix">Note: If the system does not use UEFI, this requirement is Not Applicable.
 
@@ -802,10 +780,10 @@ Check that the encrypted password is set for a boot user with the following comm
 
 password_pbkdf2 boot grub.pbkdf2.sha512.10000.VeryLongString
 
-If the boot user password entry does not begin with "password_pbkdf2", this is a finding.</check-content></check></Rule></Group><Group id="V-217146"><title>SRG-OS-000185-GPOS-00079</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217146r854086_rule" weight="10.0" severity="medium"><version>SLES-12-010450</version><title>All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.</title><description>&lt;VulnDiscussion&gt;SUSE operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
-
-Selection of a cryptographic mechanism is based on the need to protect the integrity of organizational information. The strength of the mechanism is commensurate with the security category and/or classification of the information. Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields).
-
+If the boot user password entry does not begin with "password_pbkdf2", this is a finding.</check-content></check></Rule></Group><Group id="V-217146"><title>SRG-OS-000185-GPOS-00079</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217146r1015305_rule" weight="10.0" severity="high"><version>SLES-12-010450</version><title>All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.</title><description>&lt;VulnDiscussion&gt;SUSE operating systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
+
+Selection of a cryptographic mechanism is based on the need to protect the integrity of organizational information. The strength of the mechanism is commensurate with the security category and/or classification of the information. Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields).
+
 Satisfies: SRG-OS-000185-GPOS-00079, SRG-OS-000404-GPOS-00183, SRG-OS-000405-GPOS-00184&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77147</ident><ident system="http://cyber.mil/legacy">SV-91843</ident><ident system="http://cyber.mil/cci">CCI-001199</ident><ident system="http://cyber.mil/cci">CCI-002475</ident><fixtext fixref="F-18372r369595_fix">Configure the SUSE operating system to prevent unauthorized modification of all information at rest by using disk encryption. 
 
 Encrypting a partition in an already-installed system is more difficult because of the need to resize and change existing partitions. To encrypt an entire partition, dedicate a partition for encryption in the partition layout. The standard partitioning proposal as suggested by YaST (installation and configuration tool for Linux) does not include an encrypted partition by default. Add it manually in the partitioning dialog.
@@ -834,7 +812,7 @@ truecrypt  /dev/sda3       /etc/container_password  tcrypt
 
 Every persistent disk partition present on the system must have an entry in the file. 
 
-If any partitions other than pseudo file systems (such as /proc or /sys) are not listed or "/etc/crypttab" does not exist, this is a finding.</check-content></check></Rule></Group><Group id="V-217147"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217147r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010460</version><title>The sticky bit must be set on all SUSE operating system world-writable directories.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, and hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
+If any partitions other than pseudo file systems (such as /proc or /sys) are not listed or "/etc/crypttab" does not exist, this is a finding.</check-content></check></Rule></Group><Group id="V-217147"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217147r958524_rule" weight="10.0" severity="medium"><version>SLES-12-010460</version><title>The sticky bit must be set on all SUSE operating system world-writable directories.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, and hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
 
 This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
 
@@ -854,7 +832,7 @@ Check that world-writable directories have the sticky bit set with the following
 
 256 0 drwxrwxrwt 1 root root 4096 Jun 14 06:45 /tmp
 
-If any of the returned directories do not have the sticky bit set, or are not documented as having the write permission for the other class, this is a finding.</check-content></check></Rule></Group><Group id="V-217148"><title>SRG-OS-000363-GPOS-00150</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217148r902840_rule" weight="10.0" severity="medium"><version>SLES-12-010500</version><title>Advanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly.</title><description>&lt;VulnDiscussion&gt;Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the SUSE operating system. Changes to SUSE operating system configurations can have unintended side effects, some of which may be relevant to security.
+If any of the returned directories do not have the sticky bit set, or are not documented as having the write permission for the other class, this is a finding.</check-content></check></Rule></Group><Group id="V-217148"><title>SRG-OS-000363-GPOS-00150</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217148r958794_rule" weight="10.0" severity="medium"><version>SLES-12-010500</version><title>Advanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly.</title><description>&lt;VulnDiscussion&gt;Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the SUSE operating system. Changes to SUSE operating system configurations can have unintended side effects, some of which may be relevant to security.
 
 Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the SUSE operating system. The SUSE operating system's Information System Security Manager (ISSM)/Information System Security Officer (ISSO) and System Administrator (SAs) must be notified via email and/or monitoring system trap when there is an unauthorized modification of a configuration item.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77151</ident><ident system="http://cyber.mil/legacy">SV-91847</ident><ident system="http://cyber.mil/cci">CCI-002696</ident><ident system="http://cyber.mil/cci">CCI-002699</ident><ident system="http://cyber.mil/cci">CCI-001744</ident><fixtext fixref="F-18374r902839_fix">Configure the SUSE operating system to check the baseline configuration for unauthorized changes at least once weekly.
 
@@ -864,7 +842,7 @@ The following example output is generic. It will set cron to run AIDE weekly, bu
 
      # sudo crontab -l
 
-     0 0 * * 6 /usr/bin/aide --check | /bin/mail -s "$HOSTNAME - Daily AIDE integrity check run" root@example_server_name.mil
+     0 0 * * 6 /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily AIDE integrity check run" root@example_server_name.mil
 
 Note: Per requirement SLES-12-010498, the "mailx" package must be installed on the system to enable email functionality.</fixtext><fix id="F-18374r902839_fix" /><check system="C-18376r902838_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system checks the baseline configuration for unauthorized changes at least once weekly.
 
@@ -881,7 +859,7 @@ If the file integrity application does not exist, or a "crontab" entry does not
 
 Inspect the file and ensure that the file integrity tool is being executed.
 
-If a file integrity tool is not configured in the crontab or in a script that runs at least weekly, this is a finding.</check-content></check></Rule></Group><Group id="V-217149"><title>SRG-OS-000447-GPOS-00201</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217149r902843_rule" weight="10.0" severity="medium"><version>SLES-12-010510</version><title>The SUSE operating system must notify the System Administrator (SA) when AIDE discovers anomalies in the operation of any security functions.</title><description>&lt;VulnDiscussion&gt;If anomalies are not acted on, security functions may fail to secure the system. 
+If a file integrity tool is not configured in the crontab or in a script that runs at least weekly, this is a finding.</check-content></check></Rule></Group><Group id="V-217149"><title>SRG-OS-000447-GPOS-00201</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217149r958948_rule" weight="10.0" severity="medium"><version>SLES-12-010510</version><title>The SUSE operating system must notify the System Administrator (SA) when AIDE discovers anomalies in the operation of any security functions.</title><description>&lt;VulnDiscussion&gt;If anomalies are not acted on, security functions may fail to secure the system. 
 
 Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
 
@@ -891,20 +869,20 @@ This capability must take into account operational requirements for availability
 
 Add following command to a cron job replacing the "[E-MAIL]" parameter with a proper email address for the SA:
 
-     /usr/bin/aide --check | /bin/mail -s "$HOSTNAME - Daily AIDE integrity check run" root@example_server_name.mil
+     /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily AIDE integrity check run" root@example_server_name.mil
 
 Note: Per requirement SLES-12-010498, the "mailx" package must be installed on the system to enable email functionality.</fixtext><fix id="F-18375r902842_fix" /><check system="C-18377r902841_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system notifies the SA when AIDE discovers anomalies in the operation of any security functions.
 
 Check to see if the aide cron job sends an email when executed with the following command:
 
      # sudo crontab -l 
-     0 0 * * 6 /usr/bin/aide --check | /bin/mail -s "$HOSTNAME - Daily AIDE integrity check run" root@example_server_name.mil
+     0 0 * * 6 /usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily AIDE integrity check run" root@example_server_name.mil
 
 If a "crontab" entry does not exist, check the cron directories for a script that runs the file integrity application and is configured to execute a binary to send an email:
 
      # ls -al /etc/cron.daily /etc/cron.weekly
 
-If a cron job is not configured to execute a binary to send an email (such as "/bin/mail"), this is a finding.</check-content></check></Rule></Group><Group id="V-217150"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217150r880939_rule" weight="10.0" severity="low"><version>SLES-12-010520</version><title>The SUSE operating system file integrity tool must be configured to verify Access Control Lists (ACLs).</title><description>&lt;VulnDiscussion&gt;ACLs can provide permissions beyond those permitted through the file mode and must be verified by file integrity tools.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77155</ident><ident system="http://cyber.mil/legacy">SV-91851</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18376r369607_fix">Configure the SUSE operating system file integrity tool to check file and directory ACLs. 
+If a cron job is not configured to execute a binary to send an email (such as "/bin/mail"), this is a finding.</check-content></check></Rule></Group><Group id="V-217150"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217150r991589_rule" weight="10.0" severity="low"><version>SLES-12-010520</version><title>The SUSE operating system file integrity tool must be configured to verify Access Control Lists (ACLs).</title><description>&lt;VulnDiscussion&gt;ACLs can provide permissions beyond those permitted through the file mode and must be verified by file integrity tools.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77155</ident><ident system="http://cyber.mil/legacy">SV-91851</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18376r369607_fix">Configure the SUSE operating system file integrity tool to check file and directory ACLs. 
 
 If AIDE is installed, ensure the "acl" rule is present on all file and directory selection lists.</fixtext><fix id="F-18376r369607_fix" /><check system="C-18378r880938_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that the SUSE operating system file integrity tool is configured to verify ACLs.
 
@@ -916,7 +894,7 @@ An example rule that includes the "acl" rule follows:
      /bin All # apply the custom rule to the files in bin 
      /sbin All # apply the same custom rule to the files in sbin 
 
-If the "acl" rule is not being used on all selection lines in the "/etc/aide.conf" file, or ACLs are not being checked by another file integrity tool, this is a finding.</check-content></check></Rule></Group><Group id="V-217151"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217151r880941_rule" weight="10.0" severity="low"><version>SLES-12-010530</version><title>The SUSE operating system file integrity tool must be configured to verify extended attributes.</title><description>&lt;VulnDiscussion&gt;Extended attributes in file systems are used to contain arbitrary data and file metadata with security implications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91853</ident><ident system="http://cyber.mil/legacy">V-77157</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18377r369610_fix">Configure the SUSE operating system file integrity tool to check file and directory extended attributes. 
+If the "acl" rule is not being used on all selection lines in the "/etc/aide.conf" file, or ACLs are not being checked by another file integrity tool, this is a finding.</check-content></check></Rule></Group><Group id="V-217151"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217151r991589_rule" weight="10.0" severity="low"><version>SLES-12-010530</version><title>The SUSE operating system file integrity tool must be configured to verify extended attributes.</title><description>&lt;VulnDiscussion&gt;Extended attributes in file systems are used to contain arbitrary data and file metadata with security implications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91853</ident><ident system="http://cyber.mil/legacy">V-77157</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18377r369610_fix">Configure the SUSE operating system file integrity tool to check file and directory extended attributes. 
 
 If AIDE is installed, ensure the "xattrs" rule is present on all file and directory selection lists.</fixtext><fix id="F-18377r369610_fix" /><check system="C-18379r880940_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that the SUSE operating system file integrity tool is configured to verify extended attributes.
 
@@ -928,7 +906,7 @@ An example rule that includes the "xattrs" rule follows:
      /bin All # apply the custom rule to the files in bin 
      /sbin All # apply the same custom rule to the files in sbin 
 
-If the "xattrs" rule is not being used on all selection lines in the "/etc/aide.conf" file, or extended attributes are not being checked by another file integrity tool, this is a finding.</check-content></check></Rule></Group><Group id="V-217152"><title>SRG-OS-000278-GPOS-00108</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217152r877393_rule" weight="10.0" severity="medium"><version>SLES-12-010540</version><title>The SUSE operating system file integrity tool must be configured to protect the integrity of the audit tools.</title><description>&lt;VulnDiscussion&gt;Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity.
+If the "xattrs" rule is not being used on all selection lines in the "/etc/aide.conf" file, or extended attributes are not being checked by another file integrity tool, this is a finding.</check-content></check></Rule></Group><Group id="V-217152"><title>SRG-OS-000278-GPOS-00108</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217152r991567_rule" weight="10.0" severity="medium"><version>SLES-12-010540</version><title>The SUSE operating system file integrity tool must be configured to protect the integrity of the audit tools.</title><description>&lt;VulnDiscussion&gt;Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity.
 
 Audit tools include but are not limited to vendor-provided and open-source audit tools needed to successfully view and manipulate audit information system activity and records. Audit tools include custom queries and report generators.
 
@@ -961,11 +939,11 @@ Check that AIDE is properly configured to protect the integrity of the audit too
 
 If AIDE is configured properly to protect the integrity of the audit tools, all lines listed above will be returned from the command. 
 
-If one or more lines are missing, this is a finding.</check-content></check></Rule></Group><Group id="V-217153"><title>SRG-OS-000366-GPOS-00153</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217153r877463_rule" weight="10.0" severity="medium"><version>SLES-12-010550</version><title>The SUSE operating system tool zypper must have gpgcheck enabled.</title><description>&lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the SUSE operating system. This requirement ensures the software has not been tampered with and has been provided by a trusted vendor.
+If one or more lines are missing, this is a finding.</check-content></check></Rule></Group><Group id="V-217153"><title>SRG-OS-000366-GPOS-00153</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217153r1015220_rule" weight="10.0" severity="medium"><version>SLES-12-010550</version><title>The SUSE operating system tool zypper must have gpgcheck enabled.</title><description>&lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the SUSE operating system. This requirement ensures the software has not been tampered with and has been provided by a trusted vendor.
 
 Accordingly, patches, service packs, device drivers, or SUSE operating system components must be signed with a certificate recognized and approved by the organization.
 
-Verifying the authenticity of the software prior to installation validates the integrity of the patch or upgrade received from a vendor. This ensures the software has not been tampered with and that it has been provided by a trusted vendor. Self-signed certificates are disallowed by this requirement. The SUSE operating system should not have to verify the software again. This requirement does not mandate DoD certificates for this purpose; however, the certificate used to verify the software must be from an approved Certification Authority (CA).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77161</ident><ident system="http://cyber.mil/legacy">SV-91857</ident><ident system="http://cyber.mil/cci">CCI-001749</ident><fixtext fixref="F-18379r646715_fix">Configure that the SUSE operating system tool zypper to enable gpgcheck by editing or adding the following line to "/etc/zypp/zypp.conf":
+Verifying the authenticity of the software prior to installation validates the integrity of the patch or upgrade received from a vendor. This ensures the software has not been tampered with and that it has been provided by a trusted vendor. Self-signed certificates are disallowed by this requirement. The SUSE operating system should not have to verify the software again. This requirement does not mandate DoD certificates for this purpose; however, the certificate used to verify the software must be from an approved Certification Authority (CA).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77161</ident><ident system="http://cyber.mil/legacy">SV-91857</ident><ident system="http://cyber.mil/cci">CCI-001749</ident><ident system="http://cyber.mil/cci">CCI-003992</ident><fixtext fixref="F-18379r646715_fix">Configure that the SUSE operating system tool zypper to enable gpgcheck by editing or adding the following line to "/etc/zypp/zypp.conf":
 
 gpgcheck = 1</fixtext><fix id="F-18379r646715_fix" /><check system="C-18381r646714_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that the SUSE operating system tool zypper has gpgcheck enabled.
 
@@ -975,7 +953,7 @@ Check that zypper has gpgcheck enabled with the following command:
 
 gpgcheck = 1
 
-If "gpgcheck" is set to "0", "off", "no", or "false", this is a finding.</check-content></check></Rule></Group><Group id="V-217154"><title>SRG-OS-000437-GPOS-00194</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217154r854090_rule" weight="10.0" severity="medium"><version>SLES-12-010570</version><title>The SUSE operating system must remove all outdated software components after updated versions have been installed.</title><description>&lt;VulnDiscussion&gt;Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77163</ident><ident system="http://cyber.mil/legacy">SV-91859</ident><ident system="http://cyber.mil/cci">CCI-002617</ident><fixtext fixref="F-18380r369619_fix">Configure the SUSE operating system to remove all outdated software components after an update by editing the following line in "/etc/zypp/zypp.conf" to match the one provided below:
+If "gpgcheck" is set to "0", "off", "no", or "false", this is a finding.</check-content></check></Rule></Group><Group id="V-217154"><title>SRG-OS-000437-GPOS-00194</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217154r958936_rule" weight="10.0" severity="medium"><version>SLES-12-010570</version><title>The SUSE operating system must remove all outdated software components after updated versions have been installed.</title><description>&lt;VulnDiscussion&gt;Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77163</ident><ident system="http://cyber.mil/legacy">SV-91859</ident><ident system="http://cyber.mil/cci">CCI-002617</ident><fixtext fixref="F-18380r369619_fix">Configure the SUSE operating system to remove all outdated software components after an update by editing the following line in "/etc/zypp/zypp.conf" to match the one provided below:
 
 solver.upgradeRemoveDroppedPackages = true</fixtext><fix id="F-18380r369619_fix" /><check system="C-18382r369618_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system removes all outdated software components after updated version have been installed by running the following command:
 
@@ -983,7 +961,7 @@ solver.upgradeRemoveDroppedPackages = true</fixtext><fix id="F-18380r369619_fix"
 
 solver.upgradeRemoveDroppedPackages = true
 
-If "solver.upgradeRemoveDroppedPackages" is commented out, is set to "false", or is missing completely, this is a finding.</check-content></check></Rule></Group><Group id="V-217155"><title>SRG-OS-000378-GPOS-00163</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217155r854091_rule" weight="10.0" severity="medium"><version>SLES-12-010580</version><title>The SUSE operating system must disable the USB mass storage kernel module.</title><description>&lt;VulnDiscussion&gt;Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity.
+If "solver.upgradeRemoveDroppedPackages" is commented out, is set to "false", or is missing completely, this is a finding.</check-content></check></Rule></Group><Group id="V-217155"><title>SRG-OS-000378-GPOS-00163</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217155r958820_rule" weight="10.0" severity="medium"><version>SLES-12-010580</version><title>The SUSE operating system must disable the USB mass storage kernel module.</title><description>&lt;VulnDiscussion&gt;Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity.
 
 Peripherals include but are not limited to such devices as flash drives, external storage, and printers.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91861</ident><ident system="http://cyber.mil/legacy">V-77165</ident><ident system="http://cyber.mil/cci">CCI-001958</ident><fixtext fixref="F-18381r369622_fix">Configure the SUSE operating system to prevent USB mass storage devices from automounting when connected to the host.
 
@@ -996,7 +974,7 @@ Check that "usb-storage" is blacklisted in the "/etc/modprobe.d/50-blacklist.con
 # grep usb-storage /etc/modprobe.d/50-blacklist.conf
 blacklist usb-storage
 
-If nothing is output from the command, this is a finding.</check-content></check></Rule></Group><Group id="V-217156"><title>SRG-OS-000114-GPOS-00059</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217156r854092_rule" weight="10.0" severity="medium"><version>SLES-12-010590</version><title>The SUSE operating system must disable the file system automounter unless required.</title><description>&lt;VulnDiscussion&gt;Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity.
+If nothing is output from the command, this is a finding.</check-content></check></Rule></Group><Group id="V-217156"><title>SRG-OS-000114-GPOS-00059</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217156r958498_rule" weight="10.0" severity="medium"><version>SLES-12-010590</version><title>The SUSE operating system must disable the file system automounter unless required.</title><description>&lt;VulnDiscussion&gt;Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity.
 
 Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPOS-00227&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77167</ident><ident system="http://cyber.mil/legacy">SV-91863</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><ident system="http://cyber.mil/cci">CCI-000778</ident><ident system="http://cyber.mil/cci">CCI-001958</ident><fixtext fixref="F-18382r369625_fix">Configure the SUSE operating system to disable the ability to automount devices.
 
@@ -1014,7 +992,7 @@ autofs.service - Automounts filesystems on demand
 Loaded: loaded (/usr/lib/systemd/system/autofs.service; disabled)
 Active: inactive (dead)
 
-If the "autofs" status is set to "active" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-217158"><title>SRG-OS-000312-GPOS-00122</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217158r854093_rule" weight="10.0" severity="medium"><version>SLES-12-010600</version><title>The SUSE operating system Apparmor tool must be configured to control whitelisted applications and user home directory access control.</title><description>&lt;VulnDiscussion&gt;Using a whitelist provides a configuration management method for allowing the execution of only authorized software. Using only authorized software decreases risk by limiting the number of potential vulnerabilities.
+If the "autofs" status is set to "active" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-217158"><title>SRG-OS-000312-GPOS-00122</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217158r958702_rule" weight="10.0" severity="medium"><version>SLES-12-010600</version><title>The SUSE operating system Apparmor tool must be configured to control whitelisted applications and user home directory access control.</title><description>&lt;VulnDiscussion&gt;Using a whitelist provides a configuration management method for allowing the execution of only authorized software. Using only authorized software decreases risk by limiting the number of potential vulnerabilities.
 
 The organization must identify authorized software programs and permit execution of authorized software by adding each authorized program to the "pam_apparmor" exception policy. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -1054,7 +1032,7 @@ Active: active (exited) since Fri 2017-01-13 01:01:01 GMT; 1day 1h ago
 
 If something other than "Active: active" is returned, this is a finding.
 
-Note: "pam_apparmor" must have properly configured profiles. All configurations will be based on the actual system setup and organization. See the "pam_apparmor" documentation for more information on configuring profiles.</check-content></check></Rule></Group><Group id="V-217159"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217159r646722_rule" weight="10.0" severity="high"><version>SLES-12-010610</version><title>The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence.</title><description>&lt;VulnDiscussion&gt;A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91867</ident><ident system="http://cyber.mil/legacy">V-77171</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18385r646721_fix">Configure the system to disable the Ctrl-Alt-Delete sequence for the command line with the following commands:
+Note: "pam_apparmor" must have properly configured profiles. All configurations will be based on the actual system setup and organization. See the "pam_apparmor" documentation for more information on configuring profiles.</check-content></check></Rule></Group><Group id="V-217159"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217159r991589_rule" weight="10.0" severity="high"><version>SLES-12-010610</version><title>The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence.</title><description>&lt;VulnDiscussion&gt;A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91867</ident><ident system="http://cyber.mil/legacy">V-77171</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18385r646721_fix">Configure the system to disable the Ctrl-Alt-Delete sequence for the command line with the following commands:
 
 &gt; sudo systemctl disable ctrl-alt-del.target
 
@@ -1071,7 +1049,7 @@ Check that the ctrl-alt-del.target is masked with the following command:
 Loaded: masked (/dev/null; masked)
 Active: inactive (dead)
 
-If the ctrl-alt-del.target is not masked, this is a finding.</check-content></check></Rule></Group><Group id="V-217160"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217160r646725_rule" weight="10.0" severity="high"><version>SLES-12-010611</version><title>The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence for Graphical User Interfaces.</title><description>&lt;VulnDiscussion&gt;A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the GNOME graphical environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-108091</ident><ident system="http://cyber.mil/legacy">V-98987</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18386r646724_fix">Configure the system to disable the Ctrl-Alt-Delete sequence for the graphical user interface.
+If the ctrl-alt-del.target is not masked, this is a finding.</check-content></check></Rule></Group><Group id="V-217160"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217160r991589_rule" weight="10.0" severity="high"><version>SLES-12-010611</version><title>The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence for Graphical User Interfaces.</title><description>&lt;VulnDiscussion&gt;A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the GNOME graphical environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-108091</ident><ident system="http://cyber.mil/legacy">V-98987</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18386r646724_fix">Configure the system to disable the Ctrl-Alt-Delete sequence for the graphical user interface.
 
 Create a database to contain the system-wide setting (if it does not already exist) with the following steps: 
 
@@ -1113,7 +1091,7 @@ Check that the value is not writable and cannot be changed by the user:
 &gt; sudo gsettings writable org.gnome.settings-daemon.plugins.media-keys logout
 false
 
-If the logout value is not [''] and the writable status is not false, this is a finding.</check-content></check></Rule></Group><Group id="V-217161"><title>SRG-OS-000480-GPOS-00228</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217161r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010620</version><title>The SUSE operating system default permissions must be defined in such a way that all authenticated users can only read and modify their own files.</title><description>&lt;VulnDiscussion&gt;Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91869</ident><ident system="http://cyber.mil/legacy">V-77173</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18387r369640_fix">Configure the SUSE operating system to define the default permissions for all authenticated users in such a way that the users can only read and modify their own files.
+If the logout value is not [''] and the writable status is not false, this is a finding.</check-content></check></Rule></Group><Group id="V-217161"><title>SRG-OS-000480-GPOS-00228</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217161r991590_rule" weight="10.0" severity="medium"><version>SLES-12-010620</version><title>The SUSE operating system default permissions must be defined in such a way that all authenticated users can only read and modify their own files.</title><description>&lt;VulnDiscussion&gt;Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91869</ident><ident system="http://cyber.mil/legacy">V-77173</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18387r369640_fix">Configure the SUSE operating system to define the default permissions for all authenticated users in such a way that the users can only read and modify their own files.
 
 Add or edit the "UMASK" parameter in the "/etc/login.defs" file to match the example below:
 
@@ -1127,7 +1105,7 @@ UMASK 077
 
 If the "UMASK" variable is set to "000", the severity is raised to a CAT I, and this is a finding.
 
-If the value of "UMASK" is not set to "077", "UMASK" is commented out, or "UMASK" is missing completely, this is a finding.</check-content></check></Rule></Group><Group id="V-217162"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217162r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010630</version><title>The SUSE operating system must not have unnecessary accounts.</title><description>&lt;VulnDiscussion&gt;Accounts providing no operational purpose provide additional opportunities for system compromise. Unnecessary accounts include user accounts for individuals not requiring access to the system and application accounts for applications not installed on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77175</ident><ident system="http://cyber.mil/legacy">SV-91871</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18388r369643_fix">Configure the SUSE operating system so all accounts on the system are assigned to an active system, application, or user account. 
+If the value of "UMASK" is not set to "077", "UMASK" is commented out, or "UMASK" is missing completely, this is a finding.</check-content></check></Rule></Group><Group id="V-217162"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217162r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010630</version><title>The SUSE operating system must not have unnecessary accounts.</title><description>&lt;VulnDiscussion&gt;Accounts providing no operational purpose provide additional opportunities for system compromise. Unnecessary accounts include user accounts for individuals not requiring access to the system and application accounts for applications not installed on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77175</ident><ident system="http://cyber.mil/legacy">SV-91871</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18388r369643_fix">Configure the SUSE operating system so all accounts on the system are assigned to an active system, application, or user account. 
 
 Remove accounts that do not support approved system activities or that allow for a normal user to perform administrative-level actions. 
 
@@ -1144,7 +1122,7 @@ games:x:12:100:Games account:/var/games:/bin/bash
 
 Accounts such as "games" and "gopher" are not authorized accounts as they do not support authorized system functions. 
 
-If the accounts on the system do not match the provided documentation, this is a finding.</check-content></check></Rule></Group><Group id="V-217163"><title>SRG-OS-000104-GPOS-00051</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217163r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010640</version><title>The SUSE operating system must not have duplicate User IDs (UIDs) for interactive users.</title><description>&lt;VulnDiscussion&gt;To assure accountability and prevent unauthenticated access, interactive users must be identified and authenticated to prevent potential misuse and compromise of the system.
+If the accounts on the system do not match the provided documentation, this is a finding.</check-content></check></Rule></Group><Group id="V-217163"><title>SRG-OS-000104-GPOS-00051</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217163r958482_rule" weight="10.0" severity="medium"><version>SLES-12-010640</version><title>The SUSE operating system must not have duplicate User IDs (UIDs) for interactive users.</title><description>&lt;VulnDiscussion&gt;To assure accountability and prevent unauthenticated access, interactive users must be identified and authenticated to prevent potential misuse and compromise of the system.
 
 Interactive users include organizational employees or individuals the organization deems to have equivalent status of employees (e.g., contractors). Interactive users (and processes acting on behalf of users) must be uniquely identified and authenticated to all accesses, except for the following: 
 
@@ -1160,7 +1138,7 @@ Check that the SUSE operating system contains no duplicate UIDs for interactive
 
 # awk -F ":" 'list[$3]++{print $1, $3}' /etc/passwd
 
-If output is produced, this is a finding.</check-content></check></Rule></Group><Group id="V-217164"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217164r603262_rule" weight="10.0" severity="high"><version>SLES-12-010650</version><title>The SUSE operating system root account must be the only account having unrestricted access to the system.</title><description>&lt;VulnDiscussion&gt;If an account other than root also has a User Identifier (UID) of "0", it has root authority, giving that account unrestricted access to the entire SUSE operating system. Multiple accounts with a UID of "0" afford an opportunity for potential intruders to guess a password for a privileged account.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77179</ident><ident system="http://cyber.mil/legacy">SV-91875</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18390r369649_fix">Change the UID of any account on the SUSE operating system, other than the root account, that has a UID of "0". 
+If output is produced, this is a finding.</check-content></check></Rule></Group><Group id="V-217164"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217164r991589_rule" weight="10.0" severity="high"><version>SLES-12-010650</version><title>The SUSE operating system root account must be the only account having unrestricted access to the system.</title><description>&lt;VulnDiscussion&gt;If an account other than root also has a User Identifier (UID) of "0", it has root authority, giving that account unrestricted access to the entire SUSE operating system. Multiple accounts with a UID of "0" afford an opportunity for potential intruders to guess a password for a privileged account.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77179</ident><ident system="http://cyber.mil/legacy">SV-91875</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18390r369649_fix">Change the UID of any account on the SUSE operating system, other than the root account, that has a UID of "0". 
 
 If the account is associated with system commands or applications, the UID should be changed to one greater than "0" but less than "1000". Otherwise, assign a UID of greater than "1000" that has not already been assigned.</fixtext><fix id="F-18390r369649_fix" /><check system="C-18392r369648_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that the SUSE operating system root account is the only account with unrestricted access to the system.
 
@@ -1170,7 +1148,7 @@ Check the system for duplicate UID "0" assignments with the following command:
 
 root
 
-If any accounts other than root have a UID of "0", this is a finding.</check-content></check></Rule></Group><Group id="V-217166"><title>SRG-OS-000383-GPOS-00166</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217166r854094_rule" weight="10.0" severity="medium"><version>SLES-12-010670</version><title>If Network Security Services (NSS) is being used by the SUSE operating system it must prohibit the use of cached authentications after one day.</title><description>&lt;VulnDiscussion&gt;If cached authentication information is out of date, the validity of the authentication information may be questionable.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77183</ident><ident system="http://cyber.mil/legacy">SV-91879</ident><ident system="http://cyber.mil/cci">CCI-002007</ident><fixtext fixref="F-18392r369655_fix">Configure NSS, if used by the SUSE operating system, to prohibit the use of cached authentications after one day. 
+If any accounts other than root have a UID of "0", this is a finding.</check-content></check></Rule></Group><Group id="V-217166"><title>SRG-OS-000383-GPOS-00166</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217166r958828_rule" weight="10.0" severity="medium"><version>SLES-12-010670</version><title>If Network Security Services (NSS) is being used by the SUSE operating system it must prohibit the use of cached authentications after one day.</title><description>&lt;VulnDiscussion&gt;If cached authentication information is out of date, the validity of the authentication information may be questionable.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77183</ident><ident system="http://cyber.mil/legacy">SV-91879</ident><ident system="http://cyber.mil/cci">CCI-002007</ident><fixtext fixref="F-18392r369655_fix">Configure NSS, if used by the SUSE operating system, to prohibit the use of cached authentications after one day. 
 
 Add or change the following line in "/etc/sssd/sssd.conf" just below the line "[nss]":
 
@@ -1184,7 +1162,7 @@ Check that cached authentications cannot be used after one day with the followin
 
 memcache_timeout = 86400
 
-If "memcache_timeout" has a value greater than "86400", or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-217167"><title>SRG-OS-000383-GPOS-00166</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217167r854095_rule" weight="10.0" severity="medium"><version>SLES-12-010680</version><title>The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.</title><description>&lt;VulnDiscussion&gt;If cached authentication information is out of date, the validity of the authentication information may be questionable.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77185</ident><ident system="http://cyber.mil/legacy">SV-91881</ident><ident system="http://cyber.mil/cci">CCI-002007</ident><fixtext fixref="F-18393r369658_fix">Configure the SUSE operating system PAM to prohibit the use of cached authentications after one day. 
+If "memcache_timeout" has a value greater than "86400", or is missing, this is a finding.</check-content></check></Rule></Group><Group id="V-217167"><title>SRG-OS-000383-GPOS-00166</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217167r958828_rule" weight="10.0" severity="medium"><version>SLES-12-010680</version><title>The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.</title><description>&lt;VulnDiscussion&gt;If cached authentication information is out of date, the validity of the authentication information may be questionable.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77185</ident><ident system="http://cyber.mil/legacy">SV-91881</ident><ident system="http://cyber.mil/cci">CCI-002007</ident><fixtext fixref="F-18393r369658_fix">Configure the SUSE operating system PAM to prohibit the use of cached authentications after one day. 
 
 Add or change the following line in "/etc/sssd/sssd.conf" just below the line "[pam]":
 
@@ -1198,7 +1176,7 @@ Check that cached off line authentications cannot be used after one day with the
 
 offline_credentials_expiration = 1
 
-If "offline_credentials_expiration" is not set to a value of "1", this is a finding.</check-content></check></Rule></Group><Group id="V-217168"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217168r854096_rule" weight="10.0" severity="medium"><version>SLES-12-010690</version><title>All SUSE operating system files and directories must have a valid owner.</title><description>&lt;VulnDiscussion&gt;Unowned files and directories may be unintentionally inherited if a user is assigned the same User Identifier (UID) as the UID of the unowned files.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91883</ident><ident system="http://cyber.mil/legacy">V-77187</ident><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-18394r369661_fix">Either remove all files and directories from the SUSE operating system that do not have a valid user, or assign a valid user to all unowned files and directories on the system with the "chown" command:
+If "offline_credentials_expiration" is not set to a value of "1", this is a finding.</check-content></check></Rule></Group><Group id="V-217168"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217168r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010690</version><title>All SUSE operating system files and directories must have a valid owner.</title><description>&lt;VulnDiscussion&gt;Unowned files and directories may be unintentionally inherited if a user is assigned the same User Identifier (UID) as the UID of the unowned files.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91883</ident><ident system="http://cyber.mil/legacy">V-77187</ident><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-18394r369661_fix">Either remove all files and directories from the SUSE operating system that do not have a valid user, or assign a valid user to all unowned files and directories on the system with the "chown" command:
 
 # sudo chown &lt;user&gt; &lt;file&gt;</fixtext><fix id="F-18394r369661_fix" /><check system="C-18396r369660_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that all SUSE operating system files and directories on the system have a valid owner.
 
@@ -1208,7 +1186,7 @@ Note: The value after -fstype must be replaced with the filesystem type. XFS is
 
 # find / -fstype xfs -nouser
 
-If any files on the system do not have an assigned owner, this is a finding.</check-content></check></Rule></Group><Group id="V-217169"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217169r854097_rule" weight="10.0" severity="medium"><version>SLES-12-010700</version><title>All SUSE operating system files and directories must have a valid group owner.</title><description>&lt;VulnDiscussion&gt;Files without a valid group owner may be unintentionally inherited if a group is assigned the same Group Identifier (GID) as the GID of the files without a valid group owner.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91889</ident><ident system="http://cyber.mil/legacy">V-77193</ident><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-18395r369664_fix">Either remove all files and directories from the SUSE operating system that do not have a valid group, or assign a valid group to all files and directories on the system with the "chgrp" command:
+If any files on the system do not have an assigned owner, this is a finding.</check-content></check></Rule></Group><Group id="V-217169"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217169r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010700</version><title>All SUSE operating system files and directories must have a valid group owner.</title><description>&lt;VulnDiscussion&gt;Files without a valid group owner may be unintentionally inherited if a group is assigned the same Group Identifier (GID) as the GID of the files without a valid group owner.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91889</ident><ident system="http://cyber.mil/legacy">V-77193</ident><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-18395r369664_fix">Either remove all files and directories from the SUSE operating system that do not have a valid group, or assign a valid group to all files and directories on the system with the "chgrp" command:
 
 # sudo chgrp &lt;group&gt; &lt;file&gt;</fixtext><fix id="F-18395r369664_fix" /><check system="C-18397r369663_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify all SUSE operating system files and directories on the system have a valid group.
 
@@ -1218,7 +1196,7 @@ Note: The value after -fstype must be replaced with the filesystem type. XFS is
 
 # find / -fstype xfs -nogroup
 
-If any files on the system do not have an assigned group, this is a finding.</check-content></check></Rule></Group><Group id="V-217170"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217170r646728_rule" weight="10.0" severity="medium"><version>SLES-12-010710</version><title>All SUSE operating system local interactive users must have a home directory assigned in the /etc/passwd file.</title><description>&lt;VulnDiscussion&gt;If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91893</ident><ident system="http://cyber.mil/legacy">V-77197</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18396r646727_fix">Assign home directories to all SUSE operating system local interactive users that currently do not have a home directory assigned.
+If any files on the system do not have an assigned group, this is a finding.</check-content></check></Rule></Group><Group id="V-217170"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217170r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010710</version><title>All SUSE operating system local interactive users must have a home directory assigned in the /etc/passwd file.</title><description>&lt;VulnDiscussion&gt;If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91893</ident><ident system="http://cyber.mil/legacy">V-77197</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18396r646727_fix">Assign home directories to all SUSE operating system local interactive users that currently do not have a home directory assigned.
 
 Assign a home directory to users via the usermod command:
 
@@ -1233,7 +1211,7 @@ Ask the System Administrator (SA) if any users found without home directories ar
 
 &gt; sudo awk -F: '($3&gt;=1000)&amp;&amp;($7 !~ /nologin/){print $1, $3, $6}' /etc/passwd
 
-If any interactive users do not have a home directory assigned, this is a finding.</check-content></check></Rule></Group><Group id="V-217171"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217171r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010720</version><title>All SUSE operating system local interactive user accounts, upon creation, must be assigned a home directory.</title><description>&lt;VulnDiscussion&gt;If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77199</ident><ident system="http://cyber.mil/legacy">SV-91895</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18397r369670_fix">Configure the SUSE operating system to assign home directories to all new local interactive users by setting the "CREATE_HOME" parameter in "/etc/login.defs" to "yes" as follows.
+If any interactive users do not have a home directory assigned, this is a finding.</check-content></check></Rule></Group><Group id="V-217171"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217171r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010720</version><title>All SUSE operating system local interactive user accounts, upon creation, must be assigned a home directory.</title><description>&lt;VulnDiscussion&gt;If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77199</ident><ident system="http://cyber.mil/legacy">SV-91895</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18397r369670_fix">Configure the SUSE operating system to assign home directories to all new local interactive users by setting the "CREATE_HOME" parameter in "/etc/login.defs" to "yes" as follows.
 
 CREATE_HOME yes</fixtext><fix id="F-18397r369670_fix" /><check system="C-18399r369669_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify all SUSE operating system local interactive users on the system are assigned a home directory upon creation.
 
@@ -1242,7 +1220,7 @@ Check to see if the system is configured to create home directories for local in
 # grep -i create_home /etc/login.defs
 CREATE_HOME yes
 
-If the value for "CREATE_HOME" parameter is not set to "yes", the line is missing, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217172"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217172r603885_rule" weight="10.0" severity="medium"><version>SLES-12-010730</version><title>All SUSE operating system local interactive user home directories defined in the /etc/passwd file must exist.</title><description>&lt;VulnDiscussion&gt;If a local interactive user has a home directory defined that does not exist, the user may be given access to the / directory as the current working directory upon logon. This could create a Denial of Service because the user would not be able to access their logon configuration files, and it may give them visibility to system files they normally would not be able to access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91899</ident><ident system="http://cyber.mil/legacy">V-77203</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18398r369673_fix">Create home directories to all SUSE operating system local interactive users that currently do not have a home directory assigned. Use the following commands to create the user home directory assigned in "/etc/ passwd":
+If the value for "CREATE_HOME" parameter is not set to "yes", the line is missing, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217172"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217172r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010730</version><title>All SUSE operating system local interactive user home directories defined in the /etc/passwd file must exist.</title><description>&lt;VulnDiscussion&gt;If a local interactive user has a home directory defined that does not exist, the user may be given access to the / directory as the current working directory upon logon. This could create a Denial of Service because the user would not be able to access their logon configuration files, and it may give them visibility to system files they normally would not be able to access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91899</ident><ident system="http://cyber.mil/legacy">V-77203</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18398r369673_fix">Create home directories to all SUSE operating system local interactive users that currently do not have a home directory assigned. Use the following commands to create the user home directory assigned in "/etc/ passwd":
 
 Note: The example will be for the user smithj, who has a home directory of "/home/smithj", a UID of "smithj", and a Group Identifier (GID) of "users assigned" in "/etc/passwd".
 
@@ -1265,7 +1243,7 @@ Check that all referenced home directories exist with the following command:
 
 user 'smithj': directory '/home/smithj' does not exist
 
-If any home directories referenced in "/etc/passwd" are returned as not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-217173"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217173r603887_rule" weight="10.0" severity="medium"><version>SLES-12-010740</version><title>All SUSE operating system local interactive user home directories must have mode 0750 or less permissive.</title><description>&lt;VulnDiscussion&gt;Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91903</ident><ident system="http://cyber.mil/legacy">V-77207</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18399r369676_fix">Change the mode of SUSE operating system local interactive user's home directories to "0750". To change the mode of a local interactive user's home directory, use the following command:
+If any home directories referenced in "/etc/passwd" are returned as not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-217173"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217173r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010740</version><title>All SUSE operating system local interactive user home directories must have mode 0750 or less permissive.</title><description>&lt;VulnDiscussion&gt;Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91903</ident><ident system="http://cyber.mil/legacy">V-77207</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18399r369676_fix">Change the mode of SUSE operating system local interactive user's home directories to "0750". To change the mode of a local interactive user's home directory, use the following command:
 
 Note: The example will be for the user "smithj".
 
@@ -1278,7 +1256,7 @@ Note: This may miss interactive users that have been assigned a privileged User
 # ls -ld $(awk -F: '($3&gt;=1000)&amp;&amp;($7 !~ /nologin/){print $6}' /etc/passwd)
 -rwxr-x--- 1 smithj users  18 Mar  5 17:06 /home/smithj
 
-If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding.</check-content></check></Rule></Group><Group id="V-217174"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217174r603889_rule" weight="10.0" severity="medium"><version>SLES-12-010750</version><title>All SUSE operating system local interactive user home directories must be group-owned by the home directory owners primary group.</title><description>&lt;VulnDiscussion&gt;If the Group Identifier (GID) of a local interactive user’s home directory is not the same as the primary GID of the user, this would allow unauthorized access to the user’s files, and users that share the same group may not be able to access files that they legitimately should.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91907</ident><ident system="http://cyber.mil/legacy">V-77211</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18400r369679_fix">Change the group owner of a SUSE operating system local interactive user's home directory to the group found in "/etc/passwd". To change the group owner of a local interactive user's home directory, use the following command:
+If home directories referenced in "/etc/passwd" do not have a mode of "0750" or less permissive, this is a finding.</check-content></check></Rule></Group><Group id="V-217174"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217174r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010750</version><title>All SUSE operating system local interactive user home directories must be group-owned by the home directory owners primary group.</title><description>&lt;VulnDiscussion&gt;If the Group Identifier (GID) of a local interactive user’s home directory is not the same as the primary GID of the user, this would allow unauthorized access to the user’s files, and users that share the same group may not be able to access files that they legitimately should.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91907</ident><ident system="http://cyber.mil/legacy">V-77211</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18400r369679_fix">Change the group owner of a SUSE operating system local interactive user's home directory to the group found in "/etc/passwd". To change the group owner of a local interactive user's home directory, use the following command:
 
 Note: The example will be for the user "smithj", who has a home directory of "/home/smithj", and has a primary group of users.
 
@@ -1296,7 +1274,7 @@ Check the user's primary group with the following command:
 # grep users /etc/group
 users:x:250:smithj,jonesj,jacksons
 
-If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.</check-content></check></Rule></Group><Group id="V-217175"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217175r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010760</version><title>All SUSE operating system local initialization files must have mode 0740 or less permissive.</title><description>&lt;VulnDiscussion&gt;Local initialization files are used to configure the user's shell environment upon logon. Malicious modification of these files could compromise accounts upon logon.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91911</ident><ident system="http://cyber.mil/legacy">V-77215</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18401r369682_fix">Set the mode of SUSE operating system local initialization files to "0740" with the following command:
+If the user home directory referenced in "/etc/passwd" is not group-owned by that user's primary GID, this is a finding.</check-content></check></Rule></Group><Group id="V-217175"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217175r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010760</version><title>All SUSE operating system local initialization files must have mode 0740 or less permissive.</title><description>&lt;VulnDiscussion&gt;Local initialization files are used to configure the user's shell environment upon logon. Malicious modification of these files could compromise accounts upon logon.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91911</ident><ident system="http://cyber.mil/legacy">V-77215</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18401r369682_fix">Set the mode of SUSE operating system local initialization files to "0740" with the following command:
 
 Note: The example will be for the smithj user, who has a home directory of "/home/smithj".
 
@@ -1311,7 +1289,7 @@ Note: The example will be for the user "smithj", who has a home directory of "/h
 -rwxr-xr-x  1 smithj users   497 Jan  6  2007 .login
 -rwxr-xr-x  1 smithj users   886 Jan  6  2007 .something
 
-If any local initialization files have a mode more permissive than "0740", this is a finding.</check-content></check></Rule></Group><Group id="V-217176"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217176r793056_rule" weight="10.0" severity="medium"><version>SLES-12-010770</version><title>All SUSE operating system local interactive user initialization files executable search paths must contain only paths that resolve to the users home directory.</title><description>&lt;VulnDiscussion&gt;The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory (other than the user's home directory), executables in these directories may be executed instead of system commands. This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon or two consecutive colons, this is interpreted as the current working directory. If deviations from the default system search path for the local interactive user are required, they must be documented with the Information System Security Officer (ISSO).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91915</ident><ident system="http://cyber.mil/legacy">V-77219</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18402r369685_fix">Edit the SUSE operating system local interactive user initialization files to change any PATH variable statements for executables that reference directories other than their home directory. If a local interactive user requires path variables to reference a directory owned by the application, it must be documented with the ISSO.</fixtext><fix id="F-18402r369685_fix" /><check system="C-18404r793055_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that all SUSE operating system local interactive user initialization files executable search path statements do not contain statements that will reference a working directory other than the user's home directory.
+If any local initialization files have a mode more permissive than "0740", this is a finding.</check-content></check></Rule></Group><Group id="V-217176"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217176r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010770</version><title>All SUSE operating system local interactive user initialization files executable search paths must contain only paths that resolve to the users home directory.</title><description>&lt;VulnDiscussion&gt;The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory (other than the user's home directory), executables in these directories may be executed instead of system commands. This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon or two consecutive colons, this is interpreted as the current working directory. If deviations from the default system search path for the local interactive user are required, they must be documented with the Information System Security Officer (ISSO).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91915</ident><ident system="http://cyber.mil/legacy">V-77219</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18402r369685_fix">Edit the SUSE operating system local interactive user initialization files to change any PATH variable statements for executables that reference directories other than their home directory. If a local interactive user requires path variables to reference a directory owned by the application, it must be documented with the ISSO.</fixtext><fix id="F-18402r369685_fix" /><check system="C-18404r793055_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that all SUSE operating system local interactive user initialization files executable search path statements do not contain statements that will reference a working directory other than the user's home directory.
 
 Check the executable search path statement for all operating system local interactive user initialization files in the user's home directory with the following commands:
 
@@ -1320,7 +1298,7 @@ Note: The example will be for the user "smithj", who has a home directory of "/h
 # sudo grep -i path= /home/smithj/.*
 /home/smithj/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin
 
-If any local interactive user initialization files have executable search path statements that include directories outside of their home directory, and the additional path statements are not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-217177"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217177r646731_rule" weight="10.0" severity="medium"><version>SLES-12-010780</version><title>All SUSE operating system local initialization files must not execute world-writable programs.</title><description>&lt;VulnDiscussion&gt;If user start-up files execute world-writable programs, especially in unprotected directories, they could be maliciously modified to destroy user files or otherwise compromise the system at the user level. If the system is compromised at the user level, it is easier to elevate privileges to eventually compromise the system at the root and network level.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91921</ident><ident system="http://cyber.mil/legacy">V-77225</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18403r646730_fix">Remove the references to these files in the local initialization scripts or remove the world-writable permission of files referenced by SUSE operating system local initialization scripts with the following command:
+If any local interactive user initialization files have executable search path statements that include directories outside of their home directory, and the additional path statements are not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-217177"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217177r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010780</version><title>All SUSE operating system local initialization files must not execute world-writable programs.</title><description>&lt;VulnDiscussion&gt;If user start-up files execute world-writable programs, especially in unprotected directories, they could be maliciously modified to destroy user files or otherwise compromise the system at the user level. If the system is compromised at the user level, it is easier to elevate privileges to eventually compromise the system at the root and network level.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91921</ident><ident system="http://cyber.mil/legacy">V-77225</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18403r646730_fix">Remove the references to these files in the local initialization scripts or remove the world-writable permission of files referenced by SUSE operating system local initialization scripts with the following command:
 
 &gt; sudo chmod 0755 &lt;file&gt;</fixtext><fix id="F-18403r646730_fix" /><check system="C-18405r646729_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that SUSE operating system local initialization files do not execute world-writable programs.
 
@@ -1336,7 +1314,7 @@ users' home directories in the "/home" directory.
 
 &gt; sudo find /home/* -maxdepth 1 -type f -name \.\* -exec grep -H &lt;file&gt; {} \;
 
-If any local initialization files are found to reference world-writable files, this is a finding.</check-content></check></Rule></Group><Group id="V-217178"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217178r603891_rule" weight="10.0" severity="medium"><version>SLES-12-010790</version><title>SUSE operating system file systems that contain user home directories must be mounted to prevent files with the setuid and setgid bit set from being executed.</title><description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system to not execute setuid and setgid files with owner privileges. This option must be used for mounting any file system not containing approved setuid and setguid files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91925</ident><ident system="http://cyber.mil/legacy">V-77229</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18404r369691_fix">Configure the SUSE operating system "/etc/fstab" file to use the "nosuid" option on file systems that contain user home directories for interactive users.
+If any local initialization files are found to reference world-writable files, this is a finding.</check-content></check></Rule></Group><Group id="V-217178"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217178r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010790</version><title>SUSE operating system file systems that contain user home directories must be mounted to prevent files with the setuid and setgid bit set from being executed.</title><description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system to not execute setuid and setgid files with owner privileges. This option must be used for mounting any file system not containing approved setuid and setguid files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91925</ident><ident system="http://cyber.mil/legacy">V-77229</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18404r369691_fix">Configure the SUSE operating system "/etc/fstab" file to use the "nosuid" option on file systems that contain user home directories for interactive users.
 
 Re-mount the filesystems.
 
@@ -1349,7 +1327,7 @@ Print the currently active file system mount options of the file system(s) that
 
 If a file system containing user home directories is not mounted with the FSTYPE OPTION nosuid, this is a finding.
 
-Note: If a separate file system has not been created for the user home directories (user home directories are mounted under "/"), this is not a finding as the "nosuid" option cannot be used on the "/" system.</check-content></check></Rule></Group><Group id="V-217179"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217179r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010800</version><title>SUSE operating system file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed.</title><description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91933</ident><ident system="http://cyber.mil/legacy">V-77237</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18405r369694_fix">Configure the SUSE operating system "/etc/fstab" file to use the "nosuid" option on file systems that are associated with removable media.</fixtext><fix id="F-18405r369694_fix" /><check system="C-18407r369693_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify SUSE operating system file systems used for removable media are mounted with the "nosuid" option.
+Note: If a separate file system has not been created for the user home directories (user home directories are mounted under "/"), this is not a finding as the "nosuid" option cannot be used on the "/" system.</check-content></check></Rule></Group><Group id="V-217179"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217179r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010800</version><title>SUSE operating system file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed.</title><description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91933</ident><ident system="http://cyber.mil/legacy">V-77237</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18405r369694_fix">Configure the SUSE operating system "/etc/fstab" file to use the "nosuid" option on file systems that are associated with removable media.</fixtext><fix id="F-18405r369694_fix" /><check system="C-18407r369693_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify SUSE operating system file systems used for removable media are mounted with the "nosuid" option.
 
 Check the file systems that are mounted at boot time with the following command:
 
@@ -1357,7 +1335,7 @@ Check the file systems that are mounted at boot time with the following command:
 
 UUID=2bc871e4-e2a3-4f29-9ece-3be60c835222 /mnt/usbflash vfat noauto,owner,ro,nosuid 0 0
 
-If a file system found in "/etc/fstab" refers to removable media and it does not have the "nosuid" option set, this is a finding.</check-content></check></Rule></Group><Group id="V-217180"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217180r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010810</version><title>SUSE operating system file systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setgid bit set from being executed.</title><description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91937</ident><ident system="http://cyber.mil/legacy">V-77241</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18406r369697_fix">Configure the SUSE operating system "/etc/fstab" file to use the "nosuid" option on file systems that are being exported via NFS.</fixtext><fix id="F-18406r369697_fix" /><check system="C-18408r369696_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify SUSE operating system file systems that are being NFS exported are mounted with the "nosuid" option.
+If a file system found in "/etc/fstab" refers to removable media and it does not have the "nosuid" option set, this is a finding.</check-content></check></Rule></Group><Group id="V-217180"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217180r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010810</version><title>SUSE operating system file systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setgid bit set from being executed.</title><description>&lt;VulnDiscussion&gt;The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91937</ident><ident system="http://cyber.mil/legacy">V-77241</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18406r369697_fix">Configure the SUSE operating system "/etc/fstab" file to use the "nosuid" option on file systems that are being exported via NFS.</fixtext><fix id="F-18406r369697_fix" /><check system="C-18408r369696_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify SUSE operating system file systems that are being NFS exported are mounted with the "nosuid" option.
 
 Find the file system(s) that contain the directories being exported with the following command:
 
@@ -1365,7 +1343,7 @@ Find the file system(s) that contain the directories being exported with the fol
 
 UUID=e06097bb-cfcd-437b-9e4d-a691f5662a7d   /store   nfs   rw,nosuid   0 0
 
-If a file system found in "/etc/fstab" refers to NFS and it does not have the "nosuid" option set, this is a finding.</check-content></check></Rule></Group><Group id="V-217181"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217181r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010820</version><title>SUSE operating system file systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.</title><description>&lt;VulnDiscussion&gt;The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91947</ident><ident system="http://cyber.mil/legacy">V-77251</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18407r369700_fix">Configure the SUSE operating system "/etc/fstab" file to use the "noexec" option on file systems that are being exported via NFS.</fixtext><fix id="F-18407r369700_fix" /><check system="C-18409r369699_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system file systems that are being NFS exported are mounted with the "noexec" option.
+If a file system found in "/etc/fstab" refers to NFS and it does not have the "nosuid" option set, this is a finding.</check-content></check></Rule></Group><Group id="V-217181"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217181r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010820</version><title>SUSE operating system file systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.</title><description>&lt;VulnDiscussion&gt;The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91947</ident><ident system="http://cyber.mil/legacy">V-77251</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18407r369700_fix">Configure the SUSE operating system "/etc/fstab" file to use the "noexec" option on file systems that are being exported via NFS.</fixtext><fix id="F-18407r369700_fix" /><check system="C-18409r369699_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system file systems that are being NFS exported are mounted with the "noexec" option.
 
 Find the file system(s) that contain the directories being exported with the following command:
 
@@ -1373,7 +1351,7 @@ Find the file system(s) that contain the directories being exported with the fol
 
 UUID=e06097bb-cfcd-437b-9e4d-a691f5662a7d   /store   nfs   rw,noexec   0 0
 
-If a file system found in "/etc/fstab" refers to NFS and it does not have the "noexec" option set, and use of NFS exported binaries is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-217182"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217182r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010830</version><title>All SUSE operating system world-writable directories must be group-owned by root, sys, bin, or an application group.</title><description>&lt;VulnDiscussion&gt;If a world-writable directory has the sticky bit set and is not group-owned by a privileged Group Identifier (GID), unauthorized users may be able to modify files created by others.
+If a file system found in "/etc/fstab" refers to NFS and it does not have the "noexec" option set, and use of NFS exported binaries is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-217182"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217182r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010830</version><title>All SUSE operating system world-writable directories must be group-owned by root, sys, bin, or an application group.</title><description>&lt;VulnDiscussion&gt;If a world-writable directory has the sticky bit set and is not group-owned by a privileged Group Identifier (GID), unauthorized users may be able to modify files created by others.
 
 The only authorized public directories are those temporary directories supplied with the system or those designed to be temporary file repositories. The setting is normally reserved for directories used by the system and by users for temporary file storage, (e.g., /tmp), and for directories requiring global read/write access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91949</ident><ident system="http://cyber.mil/legacy">V-77253</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18408r369703_fix">Change the group of the SUSE operating system world-writable directories to root with the following command:
 
@@ -1389,7 +1367,7 @@ drwxrwxrwt. 2 root root 40 Aug 26 13:07 /dev/mqueue
 drwxrwxrwt. 2 root root 220 Aug 26 13:23 /dev/shm
 drwxrwxrwt. 14 root root 4096 Aug 26 13:29 /tmp
 
-If any world-writable directories are not owned by root, sys, bin, or an application group associated with the directory, this is a finding.</check-content></check></Rule></Group><Group id="V-217183"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217183r603262_rule" weight="10.0" severity="medium"><version>SLES-12-010840</version><title>SUSE operating system kernel core dumps must be disabled unless needed.</title><description>&lt;VulnDiscussion&gt;Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77257</ident><ident system="http://cyber.mil/legacy">SV-91953</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18409r369706_fix">If SUSE operating system kernel core dumps are not required, disable the "kdump" service with the following command:
+If any world-writable directories are not owned by root, sys, bin, or an application group associated with the directory, this is a finding.</check-content></check></Rule></Group><Group id="V-217183"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217183r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010840</version><title>SUSE operating system kernel core dumps must be disabled unless needed.</title><description>&lt;VulnDiscussion&gt;Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77257</ident><ident system="http://cyber.mil/legacy">SV-91953</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18409r369706_fix">If SUSE operating system kernel core dumps are not required, disable the "kdump" service with the following command:
 
 # systemctl disable kdump.service
 
@@ -1403,7 +1381,7 @@ Check the status of the "kdump" service with the following command:
 
 If the "kdump" service is active, ask the System Administrator if the use of the service is required and documented with the Information System Security Officer (ISSO).
 
-If the service is active and is not documented, this is a finding.</check-content></check></Rule></Group><Group id="V-217184"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217184r603893_rule" weight="10.0" severity="low"><version>SLES-12-010850</version><title>A separate file system must be used for SUSE operating system user home directories (such as /home or an equivalent).</title><description>&lt;VulnDiscussion&gt;The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91957</ident><ident system="http://cyber.mil/legacy">V-77261</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18410r369709_fix">Create a separate file system/partition for SUSE operating system non-privileged local interactive user home directories.
+If the service is active and is not documented, this is a finding.</check-content></check></Rule></Group><Group id="V-217184"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217184r991589_rule" weight="10.0" severity="low"><version>SLES-12-010850</version><title>A separate file system must be used for SUSE operating system user home directories (such as /home or an equivalent).</title><description>&lt;VulnDiscussion&gt;The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91957</ident><ident system="http://cyber.mil/legacy">V-77261</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18410r369709_fix">Create a separate file system/partition for SUSE operating system non-privileged local interactive user home directories.
 
 Migrate the non-privileged local interactive user home directories onto the separate file system/partition.</fixtext><fix id="F-18410r369709_fix" /><check system="C-18412r622356_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that a separate file system/partition has been created for SUSE operating system non-privileged local interactive user home directories.
 
@@ -1424,7 +1402,7 @@ Note: The partition of /home is used in the example.
 # grep /home /etc/fstab
 UUID=333ada18    /home   ext4   noatime,nobarrier,nodev   1 2
 
-If a separate entry for the file system/partition that contains the non-privileged interactive users' home directories does not exist, this is a finding.</check-content></check></Rule></Group><Group id="V-217185"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217185r603262_rule" weight="10.0" severity="low"><version>SLES-12-010860</version><title>The SUSE operating system must use a separate file system for /var.</title><description>&lt;VulnDiscussion&gt;The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77265</ident><ident system="http://cyber.mil/legacy">SV-91961</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18411r369712_fix">Create a separate file system/partition on the SUSE operating system for "/var".
+If a separate entry for the file system/partition that contains the non-privileged interactive users' home directories does not exist, this is a finding.</check-content></check></Rule></Group><Group id="V-217185"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217185r991589_rule" weight="10.0" severity="low"><version>SLES-12-010860</version><title>The SUSE operating system must use a separate file system for /var.</title><description>&lt;VulnDiscussion&gt;The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77265</ident><ident system="http://cyber.mil/legacy">SV-91961</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18411r369712_fix">Create a separate file system/partition on the SUSE operating system for "/var".
 
 Migrate "/var" onto the separate file system/partition.</fixtext><fix id="F-18411r369712_fix" /><check system="C-18413r369711_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that the SUSE operating system has a separate file system/partition for "/var".
 
@@ -1433,7 +1411,7 @@ Check that a file system/partition has been created for "/var" with the followin
 # grep /var /etc/fstab
 UUID=c274f65f    /var   ext4   noatime,nobarrier   1 2
 
-If a separate entry for "/var" is not in use, this is a finding.</check-content></check></Rule></Group><Group id="V-217186"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217186r603262_rule" weight="10.0" severity="low"><version>SLES-12-010870</version><title>The SUSE operating system must use a separate file system for the system audit data path.</title><description>&lt;VulnDiscussion&gt;The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77271</ident><ident system="http://cyber.mil/legacy">SV-91967</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18412r369715_fix">Migrate the SUSE operating system audit data path onto a separate file system.</fixtext><fix id="F-18412r369715_fix" /><check system="C-18414r369714_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that the SUSE operating system has a separate file system/partition for the system audit data path.
+If a separate entry for "/var" is not in use, this is a finding.</check-content></check></Rule></Group><Group id="V-217186"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217186r991589_rule" weight="10.0" severity="low"><version>SLES-12-010870</version><title>The SUSE operating system must use a separate file system for the system audit data path.</title><description>&lt;VulnDiscussion&gt;The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77271</ident><ident system="http://cyber.mil/legacy">SV-91967</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18412r369715_fix">Migrate the SUSE operating system audit data path onto a separate file system.</fixtext><fix id="F-18412r369715_fix" /><check system="C-18414r369714_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify that the SUSE operating system has a separate file system/partition for the system audit data path.
 
 Check that a file system/partition has been created for the system audit data path with the following command:
 
@@ -1444,7 +1422,7 @@ UUID=3645951a   /var/log/audit   ext4   defaults   1 2
 
 If a separate entry for the system audit data path (in this example the "/var/log/audit" path) does not exist, ask the System Administrator if the system audit logs are being written to a different file system/partition on the system and then grep for that file system/partition. 
 
-If a separate file system/partition does not exist for the system audit data path, this is a finding.</check-content></check></Rule></Group><Group id="V-217188"><title>SRG-OS-000206-GPOS-00084</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217188r646734_rule" weight="10.0" severity="medium"><version>SLES-12-010890</version><title>The SUSE operating system must prevent unauthorized users from accessing system error messages.</title><description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the SUSE operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+If a separate file system/partition does not exist for the system audit data path, this is a finding.</check-content></check></Rule></Group><Group id="V-217188"><title>SRG-OS-000206-GPOS-00084</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217188r958566_rule" weight="10.0" severity="medium"><version>SLES-12-010890</version><title>The SUSE operating system must prevent unauthorized users from accessing system error messages.</title><description>&lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the SUSE operating system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
 The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91971</ident><ident system="http://cyber.mil/legacy">V-77275</ident><ident system="http://cyber.mil/cci">CCI-001314</ident><fixtext fixref="F-18414r646733_fix">Configure the SUSE operating system to prevent unauthorized users from accessing system error messages.
 
@@ -1468,7 +1446,7 @@ Check that "permissions.local" file contains the correct permissions rules with
 
 /var/log/messages root:root 640
 
-If the effective permissions do not match the "permissions.local" file, the command does not return any output, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217189"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217189r646737_rule" weight="10.0" severity="medium"><version>SLES-12-010910</version><title>The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes.</title><description>&lt;VulnDiscussion&gt;"pam-config" is a command line utility that automatically generates a system PAM configuration as packages are installed, updated or removed from the system. "pam-config" removes configurations for PAM modules and parameters that it does not know about. It may render ineffective PAM configuration by the system administrator and thus impact system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91981</ident><ident system="http://cyber.mil/legacy">V-77285</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18415r646736_fix">Copy the PAM configuration files to their static locations and remove the SUSE operating system soft links for the PAM configuration files with the following command:
+If the effective permissions do not match the "permissions.local" file, the command does not return any output, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217189"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217189r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010910</version><title>The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes.</title><description>&lt;VulnDiscussion&gt;"pam-config" is a command line utility that automatically generates a system PAM configuration as packages are installed, updated or removed from the system. "pam-config" removes configurations for PAM modules and parameters that it does not know about. It may render ineffective PAM configuration by the system administrator and thus impact system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91981</ident><ident system="http://cyber.mil/legacy">V-77285</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18415r646736_fix">Copy the PAM configuration files to their static locations and remove the SUSE operating system soft links for the PAM configuration files with the following command:
 
 &gt; sudo sh -c 'for X in /etc/pam.d/common-*-pc; do cp -ivp --remove-destination $X ${X:0:-3}; done'
 
@@ -1478,13 +1456,13 @@ Check that soft links between PAM configuration files are removed with the follo
 
 &gt; find /etc/pam.d/ -type l -iname "common-*"
 
-If any results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217190"><title>SRG-OS-000337-GPOS-00129</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217190r877036_rule" weight="10.0" severity="medium"><version>SLES-12-020000</version><title>The SUSE operating system must have the auditing package installed.</title><description>&lt;VulnDiscussion&gt;Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
+If any results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217190"><title>SRG-OS-000337-GPOS-00129</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217190r1015221_rule" weight="10.0" severity="medium"><version>SLES-12-020000</version><title>The SUSE operating system must have the auditing package installed.</title><description>&lt;VulnDiscussion&gt;Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
 
 Audit record content that may be necessary to satisfy this requirement includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked.
 
 Associating event types with detected events in the SUSE operating system audit logs provides a means of investigating an attack, recognizing resource utilization or capacity thresholds, or identifying an improperly configured SUSE operating system.
 
-Satisfies: SRG-OS-000337-GPOS-00129, SRG-OS-000348-GPOS-00136, SRG-OS-000349-GPOS-00137, SRG-OS-000350-GPOS-00138, SRG-OS-000351-GPOS-00139, SRG-OS-000352-GPOS-00140, SRG-OS-000353-GPOS-00141, SRG-OS-000354-GPOS-00142, SRG-OS-000358-GPOS-00145, SRG-OS-000359-GPOS-00146, SRG-OS-000365-GPOS-00152, SRG-OS-000474-GPOS-00219, SRG-OS-000475-GPOS-00220&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77287</ident><ident system="http://cyber.mil/legacy">SV-91983</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-001882</ident><ident system="http://cyber.mil/cci">CCI-001889</ident><ident system="http://cyber.mil/cci">CCI-001877</ident><ident system="http://cyber.mil/cci">CCI-001914</ident><ident system="http://cyber.mil/cci">CCI-001814</ident><ident system="http://cyber.mil/cci">CCI-001875</ident><ident system="http://cyber.mil/cci">CCI-001878</ident><ident system="http://cyber.mil/cci">CCI-001879</ident><ident system="http://cyber.mil/cci">CCI-001880</ident><ident system="http://cyber.mil/cci">CCI-001881</ident><fixtext fixref="F-18416r369727_fix">The SUSE operating system auditd package must be installed on the system. If it is not installed, use the following command to install it:
+Satisfies: SRG-OS-000337-GPOS-00129, SRG-OS-000348-GPOS-00136, SRG-OS-000349-GPOS-00137, SRG-OS-000350-GPOS-00138, SRG-OS-000351-GPOS-00139, SRG-OS-000352-GPOS-00140, SRG-OS-000353-GPOS-00141, SRG-OS-000354-GPOS-00142, SRG-OS-000358-GPOS-00145, SRG-OS-000359-GPOS-00146, SRG-OS-000365-GPOS-00152, SRG-OS-000474-GPOS-00219, SRG-OS-000475-GPOS-00220&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77287</ident><ident system="http://cyber.mil/legacy">SV-91983</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-001882</ident><ident system="http://cyber.mil/cci">CCI-001889</ident><ident system="http://cyber.mil/cci">CCI-001877</ident><ident system="http://cyber.mil/cci">CCI-001914</ident><ident system="http://cyber.mil/cci">CCI-001814</ident><ident system="http://cyber.mil/cci">CCI-003938</ident><ident system="http://cyber.mil/cci">CCI-001875</ident><ident system="http://cyber.mil/cci">CCI-001878</ident><ident system="http://cyber.mil/cci">CCI-001879</ident><ident system="http://cyber.mil/cci">CCI-001880</ident><ident system="http://cyber.mil/cci">CCI-001881</ident><fixtext fixref="F-18416r369727_fix">The SUSE operating system auditd package must be installed on the system. If it is not installed, use the following command to install it:
 
 # sudo zypper in auditd</fixtext><fix id="F-18416r369727_fix" /><check system="C-18418r369726_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system auditing package is installed.
 
@@ -1494,7 +1472,7 @@ Check that the "audit" package is installed by performing the following command:
 
 i | audit | User Space Tools for 2.6 Kernel Auditing 
 
-If the package "audit" is not installed on the system, then this is a finding.</check-content></check></Rule></Group><Group id="V-217191"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217191r854099_rule" weight="10.0" severity="medium"><version>SLES-12-020010</version><title>SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.</title><description>&lt;VulnDiscussion&gt;Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
+If the package "audit" is not installed on the system, then this is a finding.</check-content></check></Rule></Group><Group id="V-217191"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217191r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020010</version><title>SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.</title><description>&lt;VulnDiscussion&gt;Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
 
 Audit record content that may be necessary to satisfy this requirement includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked.
 
@@ -1513,7 +1491,7 @@ If the service is enabled, the returned message must contain the following text:
 
 Active: active (running)
 
-If the service is not running, this is a finding.</check-content></check></Rule></Group><Group id="V-217192"><title>SRG-OS-000341-GPOS-00132</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217192r877391_rule" weight="10.0" severity="medium"><version>SLES-12-020020</version><title>The SUSE operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility.</title><description>&lt;VulnDiscussion&gt;To ensure SUSE operating systems have a sufficient storage capacity in which to write the audit logs, SUSE operating systems need to be able to allocate audit record storage capacity.
+If the service is not running, this is a finding.</check-content></check></Rule></Group><Group id="V-217192"><title>SRG-OS-000341-GPOS-00132</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217192r958752_rule" weight="10.0" severity="medium"><version>SLES-12-020020</version><title>The SUSE operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility.</title><description>&lt;VulnDiscussion&gt;To ensure SUSE operating systems have a sufficient storage capacity in which to write the audit logs, SUSE operating systems need to be able to allocate audit record storage capacity.
 
 The task of allocating audit record storage capacity is usually performed during initial installation of the SUSE operating system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77291</ident><ident system="http://cyber.mil/legacy">SV-91987</ident><ident system="http://cyber.mil/cci">CCI-001849</ident><fixtext fixref="F-18418r369733_fix">Allocate enough storage capacity for at least one week's worth of SUSE operating system audit records when audit records are not immediately sent to a central audit record storage facility.
 
@@ -1538,7 +1516,7 @@ If the audit records are not written to a partition made specifically for audit
 
 The partition size needed to capture a week's worth of audit records is based on the activity level of the system and the total storage capacity available. In normal circumstances, 10.0 GB of storage space for audit records will be sufficient.
 
-If the audit record partition is not allocated sufficient storage capacity, this is a finding.</check-content></check></Rule></Group><Group id="V-217193"><title>SRG-OS-000343-GPOS-00134</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217193r877389_rule" weight="10.0" severity="medium"><version>SLES-12-020030</version><title>The SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full.</title><description>&lt;VulnDiscussion&gt;If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91989</ident><ident system="http://cyber.mil/legacy">V-77293</ident><ident system="http://cyber.mil/cci">CCI-001855</ident><fixtext fixref="F-18419r369736_fix">Check the system configuration to determine the partition to which the audit records are written: 
+If the audit record partition is not allocated sufficient storage capacity, this is a finding.</check-content></check></Rule></Group><Group id="V-217193"><title>SRG-OS-000343-GPOS-00134</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217193r971542_rule" weight="10.0" severity="medium"><version>SLES-12-020030</version><title>The SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full.</title><description>&lt;VulnDiscussion&gt;If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91989</ident><ident system="http://cyber.mil/legacy">V-77293</ident><ident system="http://cyber.mil/cci">CCI-001855</ident><fixtext fixref="F-18419r369736_fix">Check the system configuration to determine the partition to which the audit records are written: 
 
 # grep -iw log_file /etc/audit/auditd.conf
 
@@ -1568,7 +1546,7 @@ Determine the threshold for the system to take action when 75 percent of the rep
 # grep -iw space_left /etc/audit/auditd.conf
 space_left = 225 
 
-If the value of the "space_left" keyword is not set to 25 percent of the total partition size, this is a finding.</check-content></check></Rule></Group><Group id="V-217194"><title>SRG-OS-000046-GPOS-00022</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217194r603262_rule" weight="10.0" severity="medium"><version>SLES-12-020040</version><title>The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event.</title><description>&lt;VulnDiscussion&gt;It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
+If the value of the "space_left" keyword is not set to 25 percent of the total partition size, this is a finding.</check-content></check></Rule></Group><Group id="V-217194"><title>SRG-OS-000046-GPOS-00022</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217194r958424_rule" weight="10.0" severity="medium"><version>SLES-12-020040</version><title>The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event.</title><description>&lt;VulnDiscussion&gt;It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
 
 Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded.
 
@@ -1584,7 +1562,7 @@ sudo grep action_mail /etc/audit/auditd.conf
 
 action_mail_acct = root
 
-If the value of the "action_mail_acct" keyword is not set to "root" and/or other accounts for security personnel, the "action_mail_acct" keyword is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217195"><title>SRG-OS-000046-GPOS-00022</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217195r646740_rule" weight="10.0" severity="medium"><version>SLES-12-020050</version><title>The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure.</title><description>&lt;VulnDiscussion&gt;It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
+If the value of the "action_mail_acct" keyword is not set to "root" and/or other accounts for security personnel, the "action_mail_acct" keyword is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217195"><title>SRG-OS-000046-GPOS-00022</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217195r958424_rule" weight="10.0" severity="medium"><version>SLES-12-020050</version><title>The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure.</title><description>&lt;VulnDiscussion&gt;It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
 
 Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded.
 
@@ -1613,7 +1591,7 @@ Verify the alias for root forwards to a monitored e-mail account:
 &gt; grep -i "^root:" /etc/aliases
 root: person@server.mil
 
-If the alias for root does not forward to a monitored e-mail account, this is a finding.</check-content></check></Rule></Group><Group id="V-217196"><title>SRG-OS-000047-GPOS-00023</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217196r603262_rule" weight="10.0" severity="medium"><version>SLES-12-020060</version><title>The SUSE operating system audit system must take appropriate action when the audit storage volume is full.</title><description>&lt;VulnDiscussion&gt;It is critical that when the SUSE operating system is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Responses to audit failure depend on the nature of the failure mode.
+If the alias for root does not forward to a monitored e-mail account, this is a finding.</check-content></check></Rule></Group><Group id="V-217196"><title>SRG-OS-000047-GPOS-00023</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217196r958426_rule" weight="10.0" severity="medium"><version>SLES-12-020060</version><title>The SUSE operating system audit system must take appropriate action when the audit storage volume is full.</title><description>&lt;VulnDiscussion&gt;It is critical that when the SUSE operating system is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Responses to audit failure depend on the nature of the failure mode.
 
 When availability is an overriding concern, other approved actions in response to an audit failure are as follows: 
 
@@ -1631,7 +1609,7 @@ Check that the SUSE operating system takes the appropriate action when the audit
 
 disk_full_action = SYSLOG
 
-If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217197"><title>SRG-OS-000342-GPOS-00133</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217197r877390_rule" weight="10.0" severity="medium"><version>SLES-12-020070</version><title>The audit-audispd-plugins must be installed on the SUSE operating system.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+If the value of the "disk_full_action" option is not "SYSLOG", "SINGLE", or "HALT", or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217197"><title>SRG-OS-000342-GPOS-00133</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217197r958754_rule" weight="10.0" severity="medium"><version>SLES-12-020070</version><title>The audit-audispd-plugins must be installed on the SUSE operating system.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
 
 Off-loading is a common process in information systems with limited audit storage capacity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91997</ident><ident system="http://cyber.mil/legacy">V-77301</ident><ident system="http://cyber.mil/cci">CCI-001851</ident><fixtext fixref="F-18423r369748_fix">Install the "audit-audispd-plugins" package on the SUSE operating system by running the following command:
 
@@ -1651,7 +1629,7 @@ Verify the "au-remote" plugin is enabled with the following command:
 # grep -i active /etc/audisp/plugins.d/au-remote.conf 
 active = yes
 
-If "active" is missing, commented out, or is not set to "yes", this is a finding.</check-content></check></Rule></Group><Group id="V-217198"><title>SRG-OS-000342-GPOS-00133</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217198r877390_rule" weight="10.0" severity="low"><version>SLES-12-020080</version><title>The SUSE operating system audit event multiplexor must be configured to use Kerberos.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+If "active" is missing, commented out, or is not set to "yes", this is a finding.</check-content></check></Rule></Group><Group id="V-217198"><title>SRG-OS-000342-GPOS-00133</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217198r958754_rule" weight="10.0" severity="low"><version>SLES-12-020080</version><title>The SUSE operating system audit event multiplexor must be configured to use Kerberos.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
 
 Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Audit events may include sensitive data must be encrypted prior to transmission. Kerberos provides a mechanism to provide both authentication and encryption for audit event records.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77303</ident><ident system="http://cyber.mil/legacy">SV-91999</ident><ident system="http://cyber.mil/cci">CCI-001851</ident><fixtext fixref="F-18424r369751_fix">Configure the SUSE operating system audit event multiplexor to use Kerberos by editing the "/etc/audisp/audisp-remote.conf" file. 
 
@@ -1662,7 +1640,7 @@ enable_krb5 = yes</fixtext><fix id="F-18424r369751_fix" /><check system="C-18426
 # sudo cat /etc/audisp/audisp-remote.conf | grep enable_krb5
 enable_krb5 = yes
 
-If "enable-krb5" is not set to "yes", this is a finding.</check-content></check></Rule></Group><Group id="V-217199"><title>SRG-OS-000342-GPOS-00133</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217199r877390_rule" weight="10.0" severity="low"><version>SLES-12-020090</version><title>Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+If "enable-krb5" is not set to "yes", this is a finding.</check-content></check></Rule></Group><Group id="V-217199"><title>SRG-OS-000342-GPOS-00133</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217199r958754_rule" weight="10.0" severity="low"><version>SLES-12-020090</version><title>Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
 
 Off-loading is a common process in information systems with limited audit storage capacity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92001</ident><ident system="http://cyber.mil/legacy">V-77305</ident><ident system="http://cyber.mil/cci">CCI-001851</ident><fixtext fixref="F-18425r369754_fix">Configure the SUSE operating system "/etc/audisp/audisp-remote.conf" file to off-load audit records onto a different system or media by adding or editing the following line with the correct IP address:
 
@@ -1673,7 +1651,7 @@ Check if "audispd" is configured to off-load audit records onto a different syst
 # sudo cat /etc/audisp/audisp-remote.conf | grep remote_server
 remote_server = 192.168.1.101
 
-If "remote_server" is not set to an external server or media, this is a finding.</check-content></check></Rule></Group><Group id="V-217200"><title>SRG-OS-000479-GPOS-00224</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217200r854105_rule" weight="10.0" severity="medium"><version>SLES-12-020100</version><title>The audit system must take appropriate action when the network cannot be used to off-load audit records.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+If "remote_server" is not set to an external server or media, this is a finding.</check-content></check></Rule></Group><Group id="V-217200"><title>SRG-OS-000479-GPOS-00224</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217200r959008_rule" weight="10.0" severity="medium"><version>SLES-12-020100</version><title>The audit system must take appropriate action when the network cannot be used to off-load audit records.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
 
 Off-loading is a common process in information systems with limited audit storage capacity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92003</ident><ident system="http://cyber.mil/legacy">V-77307</ident><ident system="http://cyber.mil/cci">CCI-001851</ident><fixtext fixref="F-18426r369757_fix">Configure the SUSE operating system to take the appropriate action if it cannot off-load audit records to a different system or storage media from the system being audited due to a network failure.
 
@@ -1687,7 +1665,7 @@ Check the action that the audit system takes in the event of a network failure w
 
 network_failure_action = syslog
 
-If the "network_failure_action" option is not set to "syslog", "single", or "halt" or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217201"><title>SRG-OS-000479-GPOS-00224</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217201r854106_rule" weight="10.0" severity="medium"><version>SLES-12-020110</version><title>Audispd must take appropriate action when the SUSE operating system audit storage is full.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+If the "network_failure_action" option is not set to "syslog", "single", or "halt" or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217201"><title>SRG-OS-000479-GPOS-00224</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217201r959008_rule" weight="10.0" severity="medium"><version>SLES-12-020110</version><title>Audispd must take appropriate action when the SUSE operating system audit storage is full.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
 
 Off-loading is a common process in information systems with limited audit storage capacity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92005</ident><ident system="http://cyber.mil/legacy">V-77309</ident><ident system="http://cyber.mil/cci">CCI-001851</ident><fixtext fixref="F-18427r369760_fix">Configure the SUSE operating system to take the appropriate action if the audit storage is full.
 
@@ -1700,7 +1678,7 @@ Check that the records are properly off-loaded to a remote server with the follo
 # sudo grep -i "disk_full_action" /etc/audisp/audisp-remote.conf
 disk_full_action = syslog
 
-If "disk_full_action" is not set to "syslog", "single", or "halt" or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217202"><title>SRG-OS-000057-GPOS-00027</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217202r603262_rule" weight="10.0" severity="medium"><version>SLES-12-020120</version><title>The SUSE operating system must protect audit rules from unauthorized modification.</title><description>&lt;VulnDiscussion&gt;Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If "disk_full_action" is not set to "syslog", "single", or "halt" or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217202"><title>SRG-OS-000057-GPOS-00027</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217202r958434_rule" weight="10.0" severity="medium"><version>SLES-12-020120</version><title>The SUSE operating system must protect audit rules from unauthorized modification.</title><description>&lt;VulnDiscussion&gt;Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77311</ident><ident system="http://cyber.mil/legacy">SV-92007</ident><ident system="http://cyber.mil/cci">CCI-000162</ident><ident system="http://cyber.mil/cci">CCI-000163</ident><ident system="http://cyber.mil/cci">CCI-000164</ident><fixtext fixref="F-18428r369763_fix">Configure the SUSE operating system to protect audit rules from unauthorized modification.
 
@@ -1730,7 +1708,7 @@ Check that all of the audit information files and folders have the correct permi
 
 # sudo chkstat /etc/permissions.local
 
-If the command returns any output, this is a finding.</check-content></check></Rule></Group><Group id="V-217203"><title>SRG-OS-000256-GPOS-00097</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217203r646743_rule" weight="10.0" severity="medium"><version>SLES-12-020130</version><title>The SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access.</title><description>&lt;VulnDiscussion&gt;Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
+If the command returns any output, this is a finding.</check-content></check></Rule></Group><Group id="V-217203"><title>SRG-OS-000256-GPOS-00097</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217203r991557_rule" weight="10.0" severity="medium"><version>SLES-12-020130</version><title>The SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access.</title><description>&lt;VulnDiscussion&gt;Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
 
 SUSE operating systems providing tools to interface with audit information will leverage user permissions and roles identifying the user accessing the tools and the corresponding rights the user enjoys to make access decisions regarding the access to audit tools.
 
@@ -1770,7 +1748,7 @@ Check that all of the audit information files and folders have the correct permi
 
 &gt; sudo chkstat /etc/permissions.local
 
-If the command returns any output, this is a finding.</check-content></check></Rule></Group><Group id="V-217204"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217204r646746_rule" weight="10.0" severity="medium"><version>SLES-12-020199</version><title>The SUSE operating system must not disable syscall auditing.</title><description>&lt;VulnDiscussion&gt;By default, the SUSE operating system includes the "-a task,never" audit rule as a default. This rule suppresses syscall auditing for all tasks started with this rule in effect. Because the audit daemon processes the "audit.rules" file from the top down, this rule supersedes all other defined syscall rules; therefore no syscall auditing can take place on the operating system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-97227</ident><ident system="http://cyber.mil/legacy">SV-106365</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18430r646745_fix">Remove the "-a task,never" rule from the /etc/audit/rules.d/audit.rules file.
+If the command returns any output, this is a finding.</check-content></check></Rule></Group><Group id="V-217204"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217204r991589_rule" weight="10.0" severity="medium"><version>SLES-12-020199</version><title>The SUSE operating system must not disable syscall auditing.</title><description>&lt;VulnDiscussion&gt;By default, the SUSE operating system includes the "-a task,never" audit rule as a default. This rule suppresses syscall auditing for all tasks started with this rule in effect. Because the audit daemon processes the "audit.rules" file from the top down, this rule supersedes all other defined syscall rules; therefore no syscall auditing can take place on the operating system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-97227</ident><ident system="http://cyber.mil/legacy">SV-106365</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18430r646745_fix">Remove the "-a task,never" rule from the /etc/audit/rules.d/audit.rules file.
 
 The audit daemon must be restarted for the changes to take effect.
 
@@ -1785,11 +1763,11 @@ Verify the default rule "-a task,never" is not statically defined :
 
 &gt; sudo grep -rv "^#" /etc/audit/rules.d/ | grep -i "a task,never"
 
-If any results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217205"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217205r854107_rule" weight="10.0" severity="medium"><version>SLES-12-020200</version><title>The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.</title><description>&lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
+If any results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217205"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217205r1015222_rule" weight="10.0" severity="medium"><version>SLES-12-020200</version><title>The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.</title><description>&lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
 
 To address access requirements, many SUSE operating systems may be integrated with enterprise-level authentication/access/auditing mechanisms that meet or exceed access control policy requirements.
 
-Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000304-GPOS-00121, SRG-OS-000470-GPOS-00214, SRG-OS-000476-GPOS-00221&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92011</ident><ident system="http://cyber.mil/legacy">V-77315</ident><ident system="http://cyber.mil/cci">CCI-001403</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-000018</ident><ident system="http://cyber.mil/cci">CCI-002130</ident><ident system="http://cyber.mil/cci">CCI-002132</ident><fixtext fixref="F-18431r369772_fix">Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/passwd" file occur.
+Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000304-GPOS-00121, SRG-OS-000470-GPOS-00214, SRG-OS-000476-GPOS-00221&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92011</ident><ident system="http://cyber.mil/legacy">V-77315</ident><ident system="http://cyber.mil/cci">CCI-001403</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-000018</ident><ident system="http://cyber.mil/cci">CCI-002130</ident><ident system="http://cyber.mil/cci">CCI-002132</ident><ident system="http://cyber.mil/cci">CCI-000015</ident><fixtext fixref="F-18431r369772_fix">Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/passwd" file occur.
 
 Add or update the following rule to "/etc/audit/rules.d/audit.rules":
 
@@ -1805,11 +1783,11 @@ Check that the following file is being watched by performing the following comma
 
 -w /etc/passwd -p wa -k account_mod
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217206"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217206r854108_rule" weight="10.0" severity="medium"><version>SLES-12-020210</version><title>The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.</title><description>&lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217206"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217206r1015223_rule" weight="10.0" severity="medium"><version>SLES-12-020210</version><title>The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.</title><description>&lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
 
 To address access requirements, many SUSE operating systems may be integrated with enterprise-level authentication/access/auditing mechanisms that meet or exceed access control policy requirements.
 
-Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000476-GPOS-00221&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92013</ident><ident system="http://cyber.mil/legacy">V-77317</ident><ident system="http://cyber.mil/cci">CCI-000018</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-001403</ident><ident system="http://cyber.mil/cci">CCI-002130</ident><ident system="http://cyber.mil/cci">CCI-002132</ident><fixtext fixref="F-18432r369775_fix">Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/group" file occur.
+Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000476-GPOS-00221&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92013</ident><ident system="http://cyber.mil/legacy">V-77317</ident><ident system="http://cyber.mil/cci">CCI-000018</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-001403</ident><ident system="http://cyber.mil/cci">CCI-002130</ident><ident system="http://cyber.mil/cci">CCI-002132</ident><ident system="http://cyber.mil/cci">CCI-000015</ident><fixtext fixref="F-18432r369775_fix">Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/group" file occur.
 
 Add or update the following rule to "/etc/audit/rules.d/audit.rules":
 
@@ -1825,11 +1803,11 @@ Check that the following file is being watched by performing the following comma
 
 -w /etc/group -p wa -k account_mod
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217207"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217207r854109_rule" weight="10.0" severity="medium"><version>SLES-12-020220</version><title>The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.</title><description>&lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217207"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217207r1015224_rule" weight="10.0" severity="medium"><version>SLES-12-020220</version><title>The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.</title><description>&lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
 
 To address access requirements, many SUSE operating systems may be integrated with enterprise-level authentication/access/auditing mechanisms that meet or exceed access control policy requirements.
 
-Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000476-GPOS-00221&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92015</ident><ident system="http://cyber.mil/legacy">V-77319</ident><ident system="http://cyber.mil/cci">CCI-001403</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-000018</ident><ident system="http://cyber.mil/cci">CCI-002132</ident><ident system="http://cyber.mil/cci">CCI-002130</ident><fixtext fixref="F-18433r369778_fix">Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/shadow" file occur.
+Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000476-GPOS-00221&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92015</ident><ident system="http://cyber.mil/legacy">V-77319</ident><ident system="http://cyber.mil/cci">CCI-001403</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-000018</ident><ident system="http://cyber.mil/cci">CCI-002132</ident><ident system="http://cyber.mil/cci">CCI-000015</ident><ident system="http://cyber.mil/cci">CCI-002130</ident><fixtext fixref="F-18433r369778_fix">Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/shadow" file occur.
 
 Add or update the following rule to "/etc/audit/rules.d/audit.rules":
 
@@ -1845,11 +1823,11 @@ Check that the following file is being watched by performing the following comma
 
 -w /etc/shadow -p wa -k account_mod
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217208"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217208r854110_rule" weight="10.0" severity="medium"><version>SLES-12-020230</version><title>The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.</title><description>&lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217208"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217208r1015225_rule" weight="10.0" severity="medium"><version>SLES-12-020230</version><title>The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.</title><description>&lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
 
 To address access requirements, many SUSE operating systems may be integrated with enterprise-level authentication/access/auditing mechanisms that meet or exceed access control policy requirements.
 
-Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000476-GPOS-00221&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92017</ident><ident system="http://cyber.mil/legacy">V-77321</ident><ident system="http://cyber.mil/cci">CCI-000018</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-001403</ident><ident system="http://cyber.mil/cci">CCI-002130</ident><ident system="http://cyber.mil/cci">CCI-002132</ident><fixtext fixref="F-18434r369781_fix">Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/security/opasswd" file occur.
+Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000239-GPOS-00089, SRG-OS-000240-GPOS-00090, SRG-OS-000241-GPOS-00091, SRG-OS-000303-GPOS-00120, SRG-OS-000476-GPOS-00221&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92017</ident><ident system="http://cyber.mil/legacy">V-77321</ident><ident system="http://cyber.mil/cci">CCI-000018</ident><ident system="http://cyber.mil/cci">CCI-000172</ident><ident system="http://cyber.mil/cci">CCI-001403</ident><ident system="http://cyber.mil/cci">CCI-002130</ident><ident system="http://cyber.mil/cci">CCI-002132</ident><ident system="http://cyber.mil/cci">CCI-000015</ident><fixtext fixref="F-18434r369781_fix">Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/security/opasswd" file occur.
 
 Add or update the following rule to "/etc/audit/rules.d/audit.rules":
 
@@ -1866,9 +1844,9 @@ Check that the following file is being watched by performing the following comma
 
 -w /etc/security/opasswd -p wa -k account_mod
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217209"><title>SRG-OS-000327-GPOS-00127</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217209r854111_rule" weight="10.0" severity="low"><version>SLES-12-020240</version><title>The SUSE operating system must generate audit records for all uses of the privileged functions.</title><description>&lt;VulnDiscussion&gt;Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217209"><title>SRG-OS-000327-GPOS-00127</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217209r1015226_rule" weight="10.0" severity="low"><version>SLES-12-020240</version><title>The SUSE operating system must generate audit records for all uses of the privileged functions.</title><description>&lt;VulnDiscussion&gt;Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
 
-Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000337-GPOS-00129, SRG-OS-000348-GPOS-00136, SRG-OS-000349-GPOS-00137, SRG-OS-000350-GPOS-00138, SRG-OS-000351-GPOS-00139, SRG-OS-000352-GPOS-00140, SRG-OS-000353-GPOS-00141, SRG-OS-000354-GPOS-00142, SRG-OS-000358-GPOS-00145, SRG-OS-000359-GPOS-00146, SRG-OS-000365-GPOS-00152&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77323</ident><ident system="http://cyber.mil/legacy">SV-92019</ident><ident system="http://cyber.mil/cci">CCI-001877</ident><ident system="http://cyber.mil/cci">CCI-001878</ident><ident system="http://cyber.mil/cci">CCI-001914</ident><ident system="http://cyber.mil/cci">CCI-001889</ident><ident system="http://cyber.mil/cci">CCI-001875</ident><ident system="http://cyber.mil/cci">CCI-001881</ident><ident system="http://cyber.mil/cci">CCI-001882</ident><ident system="http://cyber.mil/cci">CCI-001879</ident><ident system="http://cyber.mil/cci">CCI-001880</ident><ident system="http://cyber.mil/cci">CCI-001814</ident><ident system="http://cyber.mil/cci">CCI-002234</ident><fixtext fixref="F-18435r369784_fix">Configure the operating system to audit the execution of privileged functions.
+Satisfies: SRG-OS-000327-GPOS-00127, SRG-OS-000337-GPOS-00129, SRG-OS-000348-GPOS-00136, SRG-OS-000349-GPOS-00137, SRG-OS-000350-GPOS-00138, SRG-OS-000351-GPOS-00139, SRG-OS-000352-GPOS-00140, SRG-OS-000353-GPOS-00141, SRG-OS-000354-GPOS-00142, SRG-OS-000358-GPOS-00145, SRG-OS-000359-GPOS-00146, SRG-OS-000365-GPOS-00152&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77323</ident><ident system="http://cyber.mil/legacy">SV-92019</ident><ident system="http://cyber.mil/cci">CCI-001877</ident><ident system="http://cyber.mil/cci">CCI-001878</ident><ident system="http://cyber.mil/cci">CCI-001914</ident><ident system="http://cyber.mil/cci">CCI-001889</ident><ident system="http://cyber.mil/cci">CCI-001875</ident><ident system="http://cyber.mil/cci">CCI-001881</ident><ident system="http://cyber.mil/cci">CCI-001882</ident><ident system="http://cyber.mil/cci">CCI-001879</ident><ident system="http://cyber.mil/cci">CCI-001880</ident><ident system="http://cyber.mil/cci">CCI-001814</ident><ident system="http://cyber.mil/cci">CCI-003938</ident><ident system="http://cyber.mil/cci">CCI-002234</ident><fixtext fixref="F-18435r369784_fix">Configure the operating system to audit the execution of privileged functions.
 
 Add or update the following rules in "/etc/audit/rules.d/audit.rules":
 
@@ -1890,7 +1868,7 @@ The audit daemon must be restarted for the changes to take effect.
 
 If both the "b32" and "b64" audit rules for "SUID" files are not defined, this is a finding.
 
-If both the "b32" and "b64" audit rules for "SGID" files are not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-217210"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217210r854112_rule" weight="10.0" severity="medium"><version>SLES-12-020250</version><title>The SUSE operating system must generate audit records for all uses of the su command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If both the "b32" and "b64" audit rules for "SGID" files are not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-217210"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217210r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020250</version><title>The SUSE operating system must generate audit records for all uses of the su command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -1910,7 +1888,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/su -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-priv_change
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217211"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217211r854113_rule" weight="10.0" severity="low"><version>SLES-12-020260</version><title>The SUSE operating system must generate audit records for all uses of the sudo command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217211"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217211r958412_rule" weight="10.0" severity="low"><version>SLES-12-020260</version><title>The SUSE operating system must generate audit records for all uses of the sudo command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
 At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
 
@@ -1930,7 +1908,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/sudo -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-sudo
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217212"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217212r854114_rule" weight="10.0" severity="low"><version>SLES-12-020280</version><title>The SUSE operating system must generate audit records for all uses of the chfn command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217212"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217212r958412_rule" weight="10.0" severity="low"><version>SLES-12-020280</version><title>The SUSE operating system must generate audit records for all uses of the chfn command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
 At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
 
@@ -1950,7 +1928,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/chfn -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-chfn
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217213"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217213r854115_rule" weight="10.0" severity="low"><version>SLES-12-020290</version><title>The SUSE operating system must generate audit records for all uses of the mount command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217213"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217213r958412_rule" weight="10.0" severity="low"><version>SLES-12-020290</version><title>The SUSE operating system must generate audit records for all uses of the mount command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
 At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
 
@@ -1976,7 +1954,7 @@ Check that the following command call is being audited by performing the followi
 
 If both the "b32" and "b64" audit rules are not defined for the "mount" syscall, this is a finding.
 
-If all uses of the "mount" command are not being audited, this is a finding.</check-content></check></Rule></Group><Group id="V-217214"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217214r854116_rule" weight="10.0" severity="low"><version>SLES-12-020300</version><title>The SUSE operating system must generate audit records for all uses of the umount command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If all uses of the "mount" command are not being audited, this is a finding.</check-content></check></Rule></Group><Group id="V-217214"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217214r958412_rule" weight="10.0" severity="low"><version>SLES-12-020300</version><title>The SUSE operating system must generate audit records for all uses of the umount command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
 At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
 
@@ -2000,7 +1978,7 @@ Check that the following command call is being audited by performing the followi
 -a always,exit -F arch=b32 -S umount2 -F auid&gt;=1000 -F auid!=4294967295 -k privileged-umount
 -a always,exit -F arch=b64 -S umount2 -F auid&gt;=1000 -F auid!=4294967295 -k privileged-umount
 
-If both the "b32" and "b64" audit rules are not defined for the "umount" syscall, this is a finding.</check-content></check></Rule></Group><Group id="V-217215"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217215r854117_rule" weight="10.0" severity="low"><version>SLES-12-020310</version><title>The SUSE operating system must generate audit records for all uses of the ssh-agent command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If both the "b32" and "b64" audit rules are not defined for the "umount" syscall, this is a finding.</check-content></check></Rule></Group><Group id="V-217215"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217215r958412_rule" weight="10.0" severity="low"><version>SLES-12-020310</version><title>The SUSE operating system must generate audit records for all uses of the ssh-agent command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
 At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
 
@@ -2020,7 +1998,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-ssh-agent
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217216"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217216r854118_rule" weight="10.0" severity="low"><version>SLES-12-020320</version><title>The SUSE operating system must generate audit records for all uses of the ssh-keysign command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217216"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217216r958412_rule" weight="10.0" severity="low"><version>SLES-12-020320</version><title>The SUSE operating system must generate audit records for all uses of the ssh-keysign command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
 At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
 
@@ -2040,7 +2018,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-ssh-keysign
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217217"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217217r854119_rule" weight="10.0" severity="medium"><version>SLES-12-020360</version><title>The SUSE operating system must generate audit records for all uses of the kmod command.</title><description>&lt;VulnDiscussion&gt;Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217217"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217217r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020360</version><title>The SUSE operating system must generate audit records for all uses of the kmod command.</title><description>&lt;VulnDiscussion&gt;Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2072,7 +2050,7 @@ Check that the following command call is being audited by performing the followi
 
 If the system is configured to audit the execution of the module management program "kmod", the command will return a line. 
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217218"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217218r854121_rule" weight="10.0" severity="medium"><version>SLES-12-020370</version><title>The SUSE operating system must generate audit records for all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr syscalls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217218"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217218r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020370</version><title>The SUSE operating system must generate audit records for all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr syscalls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2096,7 +2074,7 @@ Verify that the following command call is being audited by performing the follow
 -a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
 -a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
 
-If both the "b32" and "b64" audit rules are not defined for the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-217223"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217223r854124_rule" weight="10.0" severity="medium"><version>SLES-12-020420</version><title>The SUSE operating system must generate audit records for all uses of the chown, fchown, fchownat, and lchown syscalls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If both the "b32" and "b64" audit rules are not defined for the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-217223"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217223r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020420</version><title>The SUSE operating system must generate audit records for all uses of the chown, fchown, fchownat, and lchown syscalls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2118,7 +2096,7 @@ Verify that the following command call is being audited by performing the follow
 -a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
 -a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
 
-If both the "b32" and "b64" audit rules are not defined for the "chown", "fchown", "fchownat", "lchown" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-217227"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217227r854126_rule" weight="10.0" severity="medium"><version>SLES-12-020460</version><title>The SUSE operating system must generate audit records for all uses of the chmod, fchmod, and fchmodat system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If both the "b32" and "b64" audit rules are not defined for the "chown", "fchown", "fchownat", "lchown" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-217227"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217227r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020460</version><title>The SUSE operating system must generate audit records for all uses of the chmod, fchmod, and fchmodat system calls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2142,7 +2120,7 @@ Verify that the following command call is being audited by performing the follow
 -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
 -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid&gt;=1000 -F auid!=4294967295 -k perm_mod
 
-If both the "b32" and "b64" audit rules are not defined for the "chmod", "fchmod", and "fchmodat" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-217230"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217230r861099_rule" weight="10.0" severity="medium"><version>SLES-12-020490</version><title>The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If both the "b32" and "b64" audit rules are not defined for the "chmod", "fchmod", and "fchmodat" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-217230"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217230r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020490</version><title>The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2176,7 +2154,7 @@ If both the "b32" and "b64" audit rules are not defined for the "creat", "open",
 
 If the output does not produce rules containing "-F exit=-EPERM", this is a finding.
 
-If the output does not produce rules containing "-F exit=-EACCES", this is a finding.</check-content></check></Rule></Group><Group id="V-217236"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217236r854130_rule" weight="10.0" severity="low"><version>SLES-12-020550</version><title>The SUSE operating system must generate audit records for all uses of the passwd command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the output does not produce rules containing "-F exit=-EACCES", this is a finding.</check-content></check></Rule></Group><Group id="V-217236"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217236r958412_rule" weight="10.0" severity="low"><version>SLES-12-020550</version><title>The SUSE operating system must generate audit records for all uses of the passwd command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
 At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
 
@@ -2196,7 +2174,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/passwd -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-passwd
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217237"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217237r854131_rule" weight="10.0" severity="low"><version>SLES-12-020560</version><title>The SUSE operating system must generate audit records for all uses of the gpasswd command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217237"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217237r958412_rule" weight="10.0" severity="low"><version>SLES-12-020560</version><title>The SUSE operating system must generate audit records for all uses of the gpasswd command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
 At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
 
@@ -2216,7 +2194,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-gpasswd
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217238"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217238r854132_rule" weight="10.0" severity="low"><version>SLES-12-020570</version><title>The SUSE operating system must generate audit records for all uses of the newgrp command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217238"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217238r958412_rule" weight="10.0" severity="low"><version>SLES-12-020570</version><title>The SUSE operating system must generate audit records for all uses of the newgrp command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
 At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
 
@@ -2236,7 +2214,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-newgrp
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217239"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217239r854133_rule" weight="10.0" severity="low"><version>SLES-12-020580</version><title>The SUSE operating system must generate audit records for a uses of the chsh command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217239"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217239r958412_rule" weight="10.0" severity="low"><version>SLES-12-020580</version><title>The SUSE operating system must generate audit records for a uses of the chsh command.</title><description>&lt;VulnDiscussion&gt;Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
 At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the cause and impact of compromise.
 
@@ -2256,7 +2234,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/chsh -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-chsh
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217240"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217240r854134_rule" weight="10.0" severity="medium"><version>SLES-12-020590</version><title>The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.</title><description>&lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217240"><title>SRG-OS-000004-GPOS-00004</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217240r958368_rule" weight="10.0" severity="medium"><version>SLES-12-020590</version><title>The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.</title><description>&lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
 
 To address access requirements, many SUSE operating systems may be integrated with enterprise-level authentication/access/auditing mechanisms that meet or exceed access control policy requirements.
 
@@ -2276,7 +2254,7 @@ Check that the following file is being watched by performing the following comma
 
 -w /etc/gshadow -p wa -k account_mod
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217241"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217241r854135_rule" weight="10.0" severity="medium"><version>SLES-12-020600</version><title>The SUSE operating system must generate audit records for all uses of the chmod command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217241"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217241r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020600</version><title>The SUSE operating system must generate audit records for all uses of the chmod command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2296,7 +2274,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/chmod -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k prim_mod
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217242"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217242r854136_rule" weight="10.0" severity="medium"><version>SLES-12-020610</version><title>The SUSE operating system must generate audit records for all uses of the setfacl command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217242"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217242r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020610</version><title>The SUSE operating system must generate audit records for all uses of the setfacl command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2316,7 +2294,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k prim_mod
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217243"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217243r854137_rule" weight="10.0" severity="medium"><version>SLES-12-020620</version><title>The SUSE operating system must generate audit records for all uses of the chacl command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217243"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217243r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020620</version><title>The SUSE operating system must generate audit records for all uses of the chacl command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2336,7 +2314,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/chacl -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k prim_mod
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217244"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217244r854138_rule" weight="10.0" severity="medium"><version>SLES-12-020630</version><title>Successful/unsuccessful attempts to modify categories of information (e.g., classification levels) must generate audit records.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217244"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217244r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020630</version><title>Successful/unsuccessful attempts to modify categories of information (e.g., classification levels) must generate audit records.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2356,7 +2334,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/chcon -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k prim_mod
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217245"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217245r854139_rule" weight="10.0" severity="medium"><version>SLES-12-020640</version><title>The SUSE operating system must generate audit records for all uses of the rm command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217245"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217245r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020640</version><title>The SUSE operating system must generate audit records for all uses of the rm command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2376,7 +2354,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/rm -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k prim_mod
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217246"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217246r854140_rule" weight="10.0" severity="medium"><version>SLES-12-020650</version><title>The SUSE operating system must generate audit records for all modifications to the tallylog file must generate an audit record.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217246"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217246r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020650</version><title>The SUSE operating system must generate audit records for all modifications to the tallylog file must generate an audit record.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2396,7 +2374,7 @@ Check that the following command call is being audited by performing the followi
 
 -w /var/log/tallylog -p wa -k logins
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217247"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217247r854141_rule" weight="10.0" severity="medium"><version>SLES-12-020660</version><title>The SUSE operating system must generate audit records for all modifications to the lastlog file.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217247"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217247r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020660</version><title>The SUSE operating system must generate audit records for all modifications to the lastlog file.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2416,7 +2394,7 @@ Check that the following is being audited by performing the following command to
 
 -w /var/log/lastlog -p wa -k logins
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217248"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217248r854142_rule" weight="10.0" severity="medium"><version>SLES-12-020670</version><title>The SUSE operating system must generate audit records for all uses of the passmass command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217248"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217248r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020670</version><title>The SUSE operating system must generate audit records for all uses of the passmass command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2436,7 +2414,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/passmass -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-passmass
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217249"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217249r854143_rule" weight="10.0" severity="medium"><version>SLES-12-020680</version><title>The SUSE operating system must generate audit records for all uses of the unix_chkpwd command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217249"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217249r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020680</version><title>The SUSE operating system must generate audit records for all uses of the unix_chkpwd command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2460,7 +2438,7 @@ Check that the following command call is being audited by performing the followi
 -a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-unix2-chkpwd
 
 If the command does not return any output or the returned line is commented out, this is a finding.
-</check-content></check></Rule></Group><Group id="V-217250"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217250r854144_rule" weight="10.0" severity="medium"><version>SLES-12-020690</version><title>The SUSE operating system must generate audit records for all uses of the chage command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+</check-content></check></Rule></Group><Group id="V-217250"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217250r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020690</version><title>The SUSE operating system must generate audit records for all uses of the chage command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2480,7 +2458,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/bin/chage -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-chage
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217251"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217251r854145_rule" weight="10.0" severity="medium"><version>SLES-12-020700</version><title>The SUSE operating system must generate audit records for all uses of the usermod command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217251"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217251r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020700</version><title>The SUSE operating system must generate audit records for all uses of the usermod command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2500,7 +2478,7 @@ Check that the following command call is being audited by performing the followi
 
 -a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-usermod
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217252"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217252r854146_rule" weight="10.0" severity="medium"><version>SLES-12-020710</version><title>The SUSE operating system must generate audit records for all uses of the crontab command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217252"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217252r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020710</version><title>The SUSE operating system must generate audit records for all uses of the crontab command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2520,7 +2498,7 @@ Check for the following command call is being audited by performing the followin
 
 -a always,exit -F path=/usr/bin/crontab -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-crontab
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217253"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217253r854147_rule" weight="10.0" severity="medium"><version>SLES-12-020720</version><title>The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217253"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217253r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020720</version><title>The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2540,7 +2518,7 @@ Check for the following command call is being audited by performing the followin
 
 -a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid&gt;=1000 -F auid!=4294967295 -k privileged-pam_timestamp_check
 
-If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217254"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217254r854148_rule" weight="10.0" severity="medium"><version>SLES-12-020730</version><title>The SUSE operating system must generate audit records for all uses of the delete_module command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. 
+If the command does not return any output or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217254"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217254r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020730</version><title>The SUSE operating system must generate audit records for all uses of the delete_module command.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. 
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2562,7 +2540,7 @@ Check that the following command call is being audited by performing the followi
 -a always,exit -F arch=b32 -S delete_module -F auid&gt;=1000 -F auid!=4294967295 -k unload_module
 -a always,exit -F arch=b64 -S delete_module -F auid&gt;=1000 -F auid!=4294967295 -k unload_module
 
-If both the "b32" and "b64" audit rules are not defined for the "unload_module" syscall, this is a finding.</check-content></check></Rule></Group><Group id="V-217255"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217255r854150_rule" weight="10.0" severity="medium"><version>SLES-12-020740</version><title>The SUSE operating system must generate audit records for all uses of the init_module and finit_module syscalls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. 
+If both the "b32" and "b64" audit rules are not defined for the "unload_module" syscall, this is a finding.</check-content></check></Rule></Group><Group id="V-217255"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217255r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020740</version><title>The SUSE operating system must generate audit records for all uses of the init_module and finit_module syscalls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. 
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2586,7 +2564,7 @@ Verify that the following command call is being audited by performing the follow
 -a always,exit -F arch=b32 -S init_module,finit_module -F auid&gt;=1000 -F auid!=4294967295 -k moduleload
 -a always,exit -F arch=b64 -S init_module,finit_module -F auid&gt;=1000 -F auid!=4294967295 -k moduleload
 
-If both the "b32" and "b64" audit rules are not defined for the "init_module" and "finit_module" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-217257"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217257r854151_rule" weight="10.0" severity="medium"><version>SLES-12-020760</version><title>The SUSE operating system must generate audit records for all modifications to the faillog file.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If both the "b32" and "b64" audit rules are not defined for the "init_module" and "finit_module" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-217257"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217257r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020760</version><title>The SUSE operating system must generate audit records for all modifications to the faillog file.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter).
 
@@ -2606,7 +2584,7 @@ Check that the following is being audited by performing the following command to
 
 -w /var/log/faillog -p wa -k logins
 
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217258"><title>SRG-OS-000074-GPOS-00042</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217258r877396_rule" weight="10.0" severity="medium"><version>SLES-12-030000</version><title>The SUSE operating system must not have the telnet-server package installed.</title><description>&lt;VulnDiscussion&gt;It is detrimental for SUSE operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217258"><title>SRG-OS-000074-GPOS-00042</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217258r987796_rule" weight="10.0" severity="medium"><version>SLES-12-030000</version><title>The SUSE operating system must not have the telnet-server package installed.</title><description>&lt;VulnDiscussion&gt;It is detrimental for SUSE operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
 SUSE operating systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions and functions).
 
@@ -2620,7 +2598,7 @@ Check that the telnet-server package is not installed on the SUSE operating syst
 
 # zypper se telnet-server
 
-If the telnet-server package is installed, this is a finding.</check-content></check></Rule></Group><Group id="V-217260"><title>SRG-OS-000024-GPOS-00007</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217260r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030020</version><title>The SUSE operating system file /etc/gdm/banner must contain the Standard Mandatory DoD Notice and Consent banner text.</title><description>&lt;VulnDiscussion&gt;The banner must be acknowledged by the user prior to allowing the user access to the SUSE operating system. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the user, DoD will not be in compliance with system use notifications required by law.
+If the telnet-server package is installed, this is a finding.</check-content></check></Rule></Group><Group id="V-217260"><title>SRG-OS-000024-GPOS-00007</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217260r958392_rule" weight="10.0" severity="medium"><version>SLES-12-030020</version><title>The SUSE operating system file /etc/gdm/banner must contain the Standard Mandatory DoD Notice and Consent banner text.</title><description>&lt;VulnDiscussion&gt;The banner must be acknowledged by the user prior to allowing the user access to the SUSE operating system. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the user, DoD will not be in compliance with system use notifications required by law.
 
 To establish acceptance of the application usage policy, a click-through banner at system logon is required. The system must prevent further activity until the user executes a positive action to manifest agreement by clicking on a box indicating "OK".&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77433</ident><ident system="http://cyber.mil/legacy">SV-92129</ident><ident system="http://cyber.mil/cci">CCI-000050</ident><fixtext fixref="F-18486r369937_fix">Configure the SUSE operating system file "/etc/gdm/banner" to contain the Standard Mandatory DoD Notice and Consent Banner by running the following commands:
 
@@ -2658,7 +2636,7 @@ By using this IS (which includes any device attached to this IS), you consent to
 
 -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
 
--Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."</check-content></check></Rule></Group><Group id="V-217261"><title>SRG-OS-000096-GPOS-00050</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217261r854152_rule" weight="10.0" severity="medium"><version>SLES-12-030030</version><title>The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.</title><description>&lt;VulnDiscussion&gt;To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols on information systems.
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."</check-content></check></Rule></Group><Group id="V-217261"><title>SRG-OS-000096-GPOS-00050</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217261r958480_rule" weight="10.0" severity="medium"><version>SLES-12-030030</version><title>The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.</title><description>&lt;VulnDiscussion&gt;To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols on information systems.
 
 SUSE operating systems are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations. Additionally, it is sometimes convenient to provide multiple services from a single component (e.g., VPN and IPS); however, doing so increases risk over limiting the services provided by any one component.
 
@@ -2700,7 +2678,7 @@ Ask the System Administrator for the site or program PPSM Component Local Servic
 
 If there are any additional ports, protocols, or services that are not included in the PPSM CLSA, this is a finding.
 
-If there are any ports, protocols, or services that are prohibited by the PPSM CAL, this is a finding.</check-content></check></Rule></Group><Group id="V-217262"><title>SRG-OS-000420-GPOS-00186</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217262r854153_rule" weight="10.0" severity="high"><version>SLES-12-030040</version><title>SuSEfirewall2 must protect against or limit the effects of Denial-of-Service (DoS) attacks on the SUSE operating system by implementing rate-limiting measures on impacted network interfaces.</title><description>&lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.
+If there are any ports, protocols, or services that are prohibited by the PPSM CAL, this is a finding.</check-content></check></Rule></Group><Group id="V-217262"><title>SRG-OS-000420-GPOS-00186</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217262r958902_rule" weight="10.0" severity="high"><version>SLES-12-030040</version><title>SuSEfirewall2 must protect against or limit the effects of Denial-of-Service (DoS) attacks on the SUSE operating system by implementing rate-limiting measures on impacted network interfaces.</title><description>&lt;VulnDiscussion&gt;DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.
 
 This requirement addresses the configuration of the SUSE operating system to mitigate the impact on system availability of DoS attacks that have occurred or are ongoing. For each system, known and potential DoS attacks must be identified and solutions for each type implemented. A variety of technologies exist to limit or, in some cases, eliminate the effects of DoS attacks (e.g., limiting processes or establishing memory partitions). Employing increased capacity and bandwidth, combined with service redundancy, may reduce the susceptibility to some DoS attacks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92133</ident><ident system="http://cyber.mil/legacy">V-77437</ident><ident system="http://cyber.mil/cci">CCI-002385</ident><fixtext fixref="F-18488r369943_fix">Configure "SuSEfirewall2" to protect the SUSE operating system against or limit the effects of DoS attacks by implementing rate-limiting measures on impacted network interfaces.
 
@@ -2717,7 +2695,7 @@ Run the following command:
 # grep -i fw_services_accept_ext /etc/sysconfig/SuSEfirewall2
 FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
 
-If the "FW_SERVICES_ACCEPT_EXT" rule does not contain both the "hitcount" and "blockseconds" parameters, this is a finding.</check-content></check></Rule></Group><Group id="V-217263"><title>SRG-OS-000023-GPOS-00006</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217263r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030050</version><title>The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via SSH.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
+If the "FW_SERVICES_ACCEPT_EXT" rule does not contain both the "hitcount" and "blockseconds" parameters, this is a finding.</check-content></check></Rule></Group><Group id="V-217263"><title>SRG-OS-000023-GPOS-00006</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217263r958390_rule" weight="10.0" severity="medium"><version>SLES-12-030050</version><title>The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via SSH.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the SUSE operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
 
 System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist.
 
@@ -2794,7 +2772,7 @@ The output must show the value of "Banner" set to "/etc/issue". An example is sh
 # sudo grep "Banner" /etc/ssh/sshd_config
 Banner /etc/issue
 
-If it does not, this is a finding.</check-content></check></Rule></Group><Group id="V-217264"><title>SRG-OS-000423-GPOS-00187</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217264r916422_rule" weight="10.0" severity="high"><version>SLES-12-030100</version><title>All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.</title><description>&lt;VulnDiscussion&gt;Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. 
+If it does not, this is a finding.</check-content></check></Rule></Group><Group id="V-217264"><title>SRG-OS-000423-GPOS-00187</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217264r958908_rule" weight="10.0" severity="high"><version>SLES-12-030100</version><title>All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.</title><description>&lt;VulnDiscussion&gt;Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. 
 
 This requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. 
 
@@ -2834,7 +2812,7 @@ Check that the OpenSSH service active on the SUSE operating system with the foll
 
 Active: active (running) since Thu 2017-01-12 15:03:38 UTC; 1 months 4 days ago
 
-If OpenSSH service is not active, this is a finding.</check-content></check></Rule></Group><Group id="V-217265"><title>SRG-OS-000032-GPOS-00013</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217265r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030110</version><title>The SUSE operating system must log SSH connection attempts and failures to the server.</title><description>&lt;VulnDiscussion&gt;Remote access services, such as those providing remote access to network devices and information systems, which lack automated monitoring capabilities, increase risk and make remote user access management difficult at best.
+If OpenSSH service is not active, this is a finding.</check-content></check></Rule></Group><Group id="V-217265"><title>SRG-OS-000032-GPOS-00013</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217265r958406_rule" weight="10.0" severity="medium"><version>SLES-12-030110</version><title>The SUSE operating system must log SSH connection attempts and failures to the server.</title><description>&lt;VulnDiscussion&gt;Remote access services, such as those providing remote access to network devices and information systems, which lack automated monitoring capabilities, increase risk and make remote user access management difficult at best.
 
 Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, nonorganization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.
 
@@ -2857,7 +2835,7 @@ The output message must contain the following text:
 
 LogLevel VERBOSE
 
-If "LogLevel" is not set to "VERBOSE" or "INFO", the LogLevel keyword is missing, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217266"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217266r858541_rule" weight="10.0" severity="medium"><version>SLES-12-030130</version><title>The SUSE operating system must display the date and time of the last successful account logon upon an SSH logon.</title><description>&lt;VulnDiscussion&gt;Providing users with feedback on when account accesses via SSH last occurred facilitates user recognition and reporting of unauthorized account use.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77447</ident><ident system="http://cyber.mil/legacy">SV-92143</ident><ident system="http://cyber.mil/cci">CCI-000052</ident><fixtext fixref="F-18492r369955_fix">Configure the SUSE operating system to provide users with feedback on when account accesses last occurred.
+If "LogLevel" is not set to "VERBOSE" or "INFO", the LogLevel keyword is missing, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217266"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217266r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030130</version><title>The SUSE operating system must display the date and time of the last successful account logon upon an SSH logon.</title><description>&lt;VulnDiscussion&gt;Providing users with feedback on when account accesses via SSH last occurred facilitates user recognition and reporting of unauthorized account use.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77447</ident><ident system="http://cyber.mil/legacy">SV-92143</ident><ident system="http://cyber.mil/cci">CCI-000052</ident><fixtext fixref="F-18492r369955_fix">Configure the SUSE operating system to provide users with feedback on when account accesses last occurred.
 
 Add or edit the following lines in the "/etc/ssh/sshd_config" file:
 
@@ -2868,7 +2846,7 @@ Check that "PrintLastLog" keyword in the sshd daemon configuration file is used
 # sudo grep -i printlastlog /etc/ssh/sshd_config
 PrintLastLog yes
 
-If the "PrintLastLog" keyword is set to "no", is missing, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217267"><title>SRG-OS-000109-GPOS-00056</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217267r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030140</version><title>The SUSE operating system must deny direct logons to the root account using remote access via SSH.</title><description>&lt;VulnDiscussion&gt;To assure individual accountability and prevent unauthorized access, organizational users must be individually identified and authenticated.
+If the "PrintLastLog" keyword is set to "no", is missing, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217267"><title>SRG-OS-000109-GPOS-00056</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217267r1015227_rule" weight="10.0" severity="medium"><version>SLES-12-030140</version><title>The SUSE operating system must deny direct logons to the root account using remote access via SSH.</title><description>&lt;VulnDiscussion&gt;To assure individual accountability and prevent unauthorized access, organizational users must be individually identified and authenticated.
 
 A group authenticator is a generic account used by multiple individuals. Use of a group authenticator alone does not uniquely identify individual users. Examples of the group authenticator is the UNIX OS "root" user account, the Windows "Administrator" account, the "sa" account, or a "helpdesk" account.
 
@@ -2876,7 +2854,7 @@ For example, the UNIX and Windows SUSE operating systems offer a "switch user" c
 
 Users (and any processes acting on behalf of users) need to be uniquely identified and authenticated for all accesses other than those accesses explicitly identified and documented by the organization, which outlines specific user actions that can be performed on the SUSE operating system without identification or authentication.
 
-Requiring individuals to be authenticated with an individual authenticator prior to using a group authenticator allows for traceability of actions, as well as adding an additional level of protection of the actions that can be taken with group account knowledge.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92145</ident><ident system="http://cyber.mil/legacy">V-77449</ident><ident system="http://cyber.mil/cci">CCI-000770</ident><fixtext fixref="F-18493r369958_fix">Configure the SUSE operating system to deny direct logons to the root account using remote access via SSH.
+Requiring individuals to be authenticated with an individual authenticator prior to using a group authenticator allows for traceability of actions, as well as adding an additional level of protection of the actions that can be taken with group account knowledge.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92145</ident><ident system="http://cyber.mil/legacy">V-77449</ident><ident system="http://cyber.mil/cci">CCI-000770</ident><ident system="http://cyber.mil/cci">CCI-004045</ident><fixtext fixref="F-18493r369958_fix">Configure the SUSE operating system to deny direct logons to the root account using remote access via SSH.
 
 Edit the appropriate "/etc/ssh/sshd_config" file, add or uncomment the line for "PermitRootLogin" and set its value to "no" (this file may be named differently or be in a different location):
 
@@ -2887,7 +2865,7 @@ Check that SSH denies any user trying to log on directly as root with the follow
 # sudo grep -i permitrootlogin /etc/ssh/sshd_config
 PermitRootLogin no
 
-If the "PermitRootLogin" keyword is set to "yes", is missing, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217268"><title>SRG-OS-000480-GPOS-00229</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217268r877377_rule" weight="10.0" severity="high"><version>SLES-12-030150</version><title>The SUSE operating system must not allow automatic logon via SSH.</title><description>&lt;VulnDiscussion&gt;Failure to restrict system access via SSH to authenticated users negatively impacts SUSE operating system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77451</ident><ident system="http://cyber.mil/legacy">SV-92147</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18494r369961_fix">Configure the SUSE operating system disables automatic logon via SSH.
+If the "PermitRootLogin" keyword is set to "yes", is missing, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217268"><title>SRG-OS-000480-GPOS-00229</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217268r991591_rule" weight="10.0" severity="high"><version>SLES-12-030150</version><title>The SUSE operating system must not allow automatic logon via SSH.</title><description>&lt;VulnDiscussion&gt;Failure to restrict system access via SSH to authenticated users negatively impacts SUSE operating system security.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77451</ident><ident system="http://cyber.mil/legacy">SV-92147</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18494r369961_fix">Configure the SUSE operating system disables automatic logon via SSH.
 
 Add or edit the following line in the "/etc/ssh/sshd_config" file:
 
@@ -2899,7 +2877,7 @@ Check that automatic logon via SSH is disabled with the following command:
 
 PermitEmptyPasswords no
 
-If "PermitEmptyPasswords" is not set to "no", is missing completely, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217269"><title>SRG-OS-000480-GPOS-00229</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217269r877377_rule" weight="10.0" severity="medium"><version>SLES-12-030151</version><title>The SUSE operating system must not allow users to override SSH environment variables.</title><description>&lt;VulnDiscussion&gt;SSH environment options potentially allow users to bypass access restriction in some configurations.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-99011</ident><ident system="http://cyber.mil/legacy">SV-108115</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18495r369964_fix">Configure the SUSE operating system disables unattended logon via SSH.
+If "PermitEmptyPasswords" is not set to "no", is missing completely, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217269"><title>SRG-OS-000480-GPOS-00229</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217269r991591_rule" weight="10.0" severity="medium"><version>SLES-12-030151</version><title>The SUSE operating system must not allow users to override SSH environment variables.</title><description>&lt;VulnDiscussion&gt;SSH environment options potentially allow users to bypass access restriction in some configurations.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-99011</ident><ident system="http://cyber.mil/legacy">SV-108115</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18495r369964_fix">Configure the SUSE operating system disables unattended logon via SSH.
 
 Add or edit the following lines in the "/etc/ssh/sshd_config" file:
 
@@ -2911,7 +2889,7 @@ Check that unattended logon via SSH is disabled with the following command:
 
 PermitUserEnvironment no
 
-If the "PermitUserEnvironment" keyword is not set to "no", is missing completely, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217270"><title>SRG-OS-000033-GPOS-00014</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217270r877398_rule" weight="10.0" severity="medium"><version>SLES-12-030170</version><title>The SUSE operating system must implement DoD-approved encryption to protect the confidentiality of SSH remote connections.</title><description>&lt;VulnDiscussion&gt;Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
+If the "PermitUserEnvironment" keyword is not set to "no", is missing completely, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217270"><title>SRG-OS-000033-GPOS-00014</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217270r958408_rule" weight="10.0" severity="medium"><version>SLES-12-030170</version><title>The SUSE operating system must implement DoD-approved encryption to protect the confidentiality of SSH remote connections.</title><description>&lt;VulnDiscussion&gt;Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
 
 Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, nonorganization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.
 
@@ -2933,7 +2911,7 @@ Check the SSH daemon configuration for allowed ciphers with the following comman
 
 Ciphers aes256-ctr,aes192-ctr,aes128-ctr
 
-If any ciphers other than "aes256-ctr", "aes192-ctr", or "aes128-ctr" are listed, the order differs from the example above, the "Ciphers" keyword is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217271"><title>SRG-OS-000125-GPOS-00065</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217271r877395_rule" weight="10.0" severity="medium"><version>SLES-12-030180</version><title>The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.</title><description>&lt;VulnDiscussion&gt;Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
+If any ciphers other than "aes256-ctr", "aes192-ctr", or "aes128-ctr" are listed, the order differs from the example above, the "Ciphers" keyword is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217271"><title>SRG-OS-000125-GPOS-00065</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217271r958510_rule" weight="10.0" severity="medium"><version>SLES-12-030180</version><title>The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.</title><description>&lt;VulnDiscussion&gt;Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
 
 Remote access (e.g., RDP) is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, nonorganization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless.
 
@@ -2952,11 +2930,11 @@ Check that the SSH daemon is configured to only use MACs that employ FIPS 140-2
 # sudo grep -i macs /etc/ssh/sshd_config
 MACs hmac-sha2-512,hmac-sha2-256
 
-If any hashes other than "hmac-sha2-512" or "hmac-sha2-256" are listed, the order differs from the example above, they are missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217272"><title>SRG-OS-000126-GPOS-00066</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217272r854157_rule" weight="10.0" severity="medium"><version>SLES-12-030190</version><title>The SUSE operating system SSH daemon must be configured with a timeout interval.</title><description>&lt;VulnDiscussion&gt;Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element. 
+If any hashes other than "hmac-sha2-512" or "hmac-sha2-256" are listed, the order differs from the example above, they are missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217272"><title>SRG-OS-000126-GPOS-00066</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217272r1015228_rule" weight="10.0" severity="medium"><version>SLES-12-030190</version><title>The SUSE operating system SSH daemon must be configured with a timeout interval.</title><description>&lt;VulnDiscussion&gt;Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element. 
 
 Terminating network connections associated with communications sessions includes, for example, deallocating associated TCP/IP address/port pairs at the SUSE operating system level, and deallocating networking assignments at the application level if multiple application sessions are using a single SUSE operating system-level network connection. This does not mean that the SUSE operating system terminates all sessions or network access; it only ends the inactive session and releases the resources associated with that session.
 
-Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPOS-00109&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92155</ident><ident system="http://cyber.mil/legacy">V-77459</ident><ident system="http://cyber.mil/cci">CCI-000879</ident><ident system="http://cyber.mil/cci">CCI-001133</ident><ident system="http://cyber.mil/cci">CCI-002361</ident><fixtext fixref="F-18498r369973_fix">Configure the SUSE operating system SSH daemon to timeout idle sessions.
+Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPOS-00109&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92155</ident><ident system="http://cyber.mil/legacy">V-77459</ident><ident system="http://cyber.mil/cci">CCI-001133</ident><ident system="http://cyber.mil/cci">CCI-002361</ident><fixtext fixref="F-18498r369973_fix">Configure the SUSE operating system SSH daemon to timeout idle sessions.
 
 Add or modify (to match exactly) the following line in the "/etc/ssh/sshd_config" file:
 
@@ -2969,13 +2947,13 @@ Check that the "ClientAliveInterval" parameter is set to a value of "600" with t
 # sudo grep -i clientalive /etc/ssh/sshd_config
 ClientAliveInterval 600
 
-If "ClientAliveInterval" is not set to "600" in "/etc/ssh/sshd_config", this is a finding.</check-content></check></Rule></Group><Group id="V-217273"><title>SRG-OS-000163-GPOS-00072</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217273r854158_rule" weight="10.0" severity="medium"><version>SLES-12-030191</version><title>The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.</title><description>&lt;VulnDiscussion&gt;Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i.e., network disconnect). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can be terminated (and thus terminate user access) without terminating network sessions.
+If "ClientAliveInterval" is not set to "600" in "/etc/ssh/sshd_config", this is a finding.</check-content></check></Rule></Group><Group id="V-217273"><title>SRG-OS-000163-GPOS-00072</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217273r1015229_rule" weight="10.0" severity="medium"><version>SLES-12-030191</version><title>The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.</title><description>&lt;VulnDiscussion&gt;Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i.e., network disconnect). A logical session (for local, network, and remote access) is initiated whenever a user (or process acting on behalf of a user) accesses an organizational information system. Such user sessions can be terminated (and thus terminate user access) without terminating network sessions.
 
 Session termination terminates all processes associated with a user's logical session except those processes that are specifically created by the user (i.e., session owner) to continue after the session is terminated.
 
 Conditions or trigger events requiring automatic session termination can include, for example, organization-defined periods of user inactivity, targeted responses to certain types of incidents, and time-of-day restrictions on information system use.
 
-This capability is typically reserved for specific SUSE operating system functionality where the system owner, data owner, or organization requires additional assurance.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-96515</ident><ident system="http://cyber.mil/legacy">V-81801</ident><ident system="http://cyber.mil/cci">CCI-001133</ident><ident system="http://cyber.mil/cci">CCI-000879</ident><ident system="http://cyber.mil/cci">CCI-002361</ident><fixtext fixref="F-18499r369976_fix">Configure the SUSE operating system to automatically terminate all network connections associated with SSH traffic at the end of a session or after a "10" minute period of inactivity.
+This capability is typically reserved for specific SUSE operating system functionality where the system owner, data owner, or organization requires additional assurance.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-96515</ident><ident system="http://cyber.mil/legacy">V-81801</ident><ident system="http://cyber.mil/cci">CCI-001133</ident><ident system="http://cyber.mil/cci">CCI-002361</ident><fixtext fixref="F-18499r369976_fix">Configure the SUSE operating system to automatically terminate all network connections associated with SSH traffic at the end of a session or after a "10" minute period of inactivity.
 
 Modify or append the following lines in the "/etc/ssh/sshd_config" file:
 
@@ -2993,7 +2971,7 @@ ClientAliveInterval 600
 
 ClientAliveCountMax 1
 
-If  "ClientAliveCountMax" does not exist or "ClientAliveCountMax" is not set to a value of "1" in "/etc/ssh/sshd_config", or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217274"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217274r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030200</version><title>The SUSE operating system SSH daemon must be configured to not allow authentication using known hosts authentication.</title><description>&lt;VulnDiscussion&gt;Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77461</ident><ident system="http://cyber.mil/legacy">SV-92157</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18500r369979_fix">Configure the SUSE operating system SSH daemon to not allow authentication using known hosts authentication.
+If  "ClientAliveCountMax" does not exist or "ClientAliveCountMax" is not set to a value of "1" in "/etc/ssh/sshd_config", or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217274"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217274r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030200</version><title>The SUSE operating system SSH daemon must be configured to not allow authentication using known hosts authentication.</title><description>&lt;VulnDiscussion&gt;Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77461</ident><ident system="http://cyber.mil/legacy">SV-92157</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18500r369979_fix">Configure the SUSE operating system SSH daemon to not allow authentication using known hosts authentication.
 
 Add the following line in "/etc/ssh/sshd_config", or uncomment the line and set the value to "yes":
 
@@ -3005,7 +2983,7 @@ To determine how the SSH daemon's "IgnoreUserKnownHosts" option is set, run the
 
 IgnoreUserKnownHosts yes
 
-If the value is returned as "no", the returned line is commented out, or no output is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217275"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217275r646750_rule" weight="10.0" severity="medium"><version>SLES-12-030210</version><title>The SUSE operating system SSH daemon public host key files must have mode 0644 or less permissive.</title><description>&lt;VulnDiscussion&gt;If a public host key file is modified by an unauthorized user, the SSH service may be compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77463</ident><ident system="http://cyber.mil/legacy">SV-92159</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18501r646749_fix">Configure the SUSE operating system SSH daemon public host key files have mode "0644" or less permissive.
+If the value is returned as "no", the returned line is commented out, or no output is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217275"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217275r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030210</version><title>The SUSE operating system SSH daemon public host key files must have mode 0644 or less permissive.</title><description>&lt;VulnDiscussion&gt;If a public host key file is modified by an unauthorized user, the SSH service may be compromised.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77463</ident><ident system="http://cyber.mil/legacy">SV-92159</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18501r646749_fix">Configure the SUSE operating system SSH daemon public host key files have mode "0644" or less permissive.
 
 Note: SSH public key files may be found in other directories on the system depending on the installation. 
 
@@ -3024,7 +3002,7 @@ The following command will find all SSH public key files on the system:
 644 /etc/ssh/ssh_host_ecdsa_key.pub
 644 /etc/ssh/ssh_host_ed25519_key.pub
 
-If any file has a mode more permissive than "0644", this is a finding.</check-content></check></Rule></Group><Group id="V-217276"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217276r880919_rule" weight="10.0" severity="medium"><version>SLES-12-030220</version><title>The SUSE operating system SSH daemon private host key files must have mode 0640 or less permissive.</title><description>&lt;VulnDiscussion&gt;If an unauthorized user obtains the private SSH host key file, the host could be impersonated.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92161</ident><ident system="http://cyber.mil/legacy">V-77465</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18502r880918_fix">Configure the mode of the SUSE operating system SSH daemon private host key files under "/etc/ssh" to "0640" with the following command:
+If any file has a mode more permissive than "0644", this is a finding.</check-content></check></Rule></Group><Group id="V-217276"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217276r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030220</version><title>The SUSE operating system SSH daemon private host key files must have mode 0640 or less permissive.</title><description>&lt;VulnDiscussion&gt;If an unauthorized user obtains the private SSH host key file, the host could be impersonated.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92161</ident><ident system="http://cyber.mil/legacy">V-77465</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18502r880918_fix">Configure the mode of the SUSE operating system SSH daemon private host key files under "/etc/ssh" to "0640" with the following command:
 
      &gt; sudo chmod 0640 /etc/ssh/ssh_host*key</fixtext><fix id="F-18502r880918_fix" /><check system="C-18504r880917_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system SSH daemon private host key files have mode "0640" or less permissive.
 
@@ -3041,7 +3019,7 @@ Check the mode of the private host key files under "/etc/ssh" file with the foll
      640 /etc/ssh/ssh_host_ecdsa_key
      640 /etc/ssh/ssh_host_ed25519_key
 
-If any file has a mode more permissive than "0640", this is a finding.</check-content></check></Rule></Group><Group id="V-217277"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217277r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030230</version><title>The SUSE operating system SSH daemon must perform strict mode checking of home directory configuration files.</title><description>&lt;VulnDiscussion&gt;If other users have access to modify user-specific SSH configuration files, they may be able to log on to the system as another user.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92163</ident><ident system="http://cyber.mil/legacy">V-77467</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18503r369988_fix">Configure the SUSE operating system SSH daemon performs strict mode checking of home directory configuration files.
+If any file has a mode more permissive than "0640", this is a finding.</check-content></check></Rule></Group><Group id="V-217277"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217277r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030230</version><title>The SUSE operating system SSH daemon must perform strict mode checking of home directory configuration files.</title><description>&lt;VulnDiscussion&gt;If other users have access to modify user-specific SSH configuration files, they may be able to log on to the system as another user.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92163</ident><ident system="http://cyber.mil/legacy">V-77467</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18503r369988_fix">Configure the SUSE operating system SSH daemon performs strict mode checking of home directory configuration files.
 
 Uncomment the "StrictModes" keyword in "/etc/ssh/sshd_config" and set the value to "yes":
 
@@ -3053,7 +3031,7 @@ Check that the SSH daemon performs strict mode checking of home directory config
 
 StrictModes yes
 
-If "StrictModes" is set to "no", is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217278"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217278r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030240</version><title>The SUSE operating system SSH daemon must use privilege separation.</title><description>&lt;VulnDiscussion&gt;SSH daemon privilege separation causes the SSH process to drop root privileges when not needed, which would decrease the impact of software vulnerabilities in the unprivileged section.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92165</ident><ident system="http://cyber.mil/legacy">V-77469</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18504r369991_fix">Configure the SUSE operating system SSH daemon is configured to use privilege separation.
+If "StrictModes" is set to "no", is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217278"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217278r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030240</version><title>The SUSE operating system SSH daemon must use privilege separation.</title><description>&lt;VulnDiscussion&gt;SSH daemon privilege separation causes the SSH process to drop root privileges when not needed, which would decrease the impact of software vulnerabilities in the unprivileged section.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92165</ident><ident system="http://cyber.mil/legacy">V-77469</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18504r369991_fix">Configure the SUSE operating system SSH daemon is configured to use privilege separation.
 
 Uncomment the "UsePrivilegeSeparation" keyword in "/etc/ssh/sshd_config" and set the value to "yes" or "sandbox":
 
@@ -3073,7 +3051,7 @@ Check that the SUSE operating system SSH daemon performs privilege separation wi
 
 UsePrivilegeSeparation yes
 
-If the "UsePrivilegeSeparation" keyword is not set to "yes" or "sandbox", is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217279"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217279r880925_rule" weight="10.0" severity="medium"><version>SLES-12-030250</version><title>The SUSE operating system SSH daemon must not allow compression or must only allow compression after successful authentication.</title><description>&lt;VulnDiscussion&gt;If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92167</ident><ident system="http://cyber.mil/legacy">V-77471</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18505r880924_fix">Configure the SUSE operating system SSH daemon performs compression after a user successfully authenticates.
+If the "UsePrivilegeSeparation" keyword is not set to "yes" or "sandbox", is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217279"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217279r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030250</version><title>The SUSE operating system SSH daemon must not allow compression or must only allow compression after successful authentication.</title><description>&lt;VulnDiscussion&gt;If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92167</ident><ident system="http://cyber.mil/legacy">V-77471</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18505r880924_fix">Configure the SUSE operating system SSH daemon performs compression after a user successfully authenticates.
 
 Uncomment the "Compression" keyword in "/etc/ssh/sshd_config" on the system and set the value to "delayed" or "no":
 
@@ -3086,7 +3064,7 @@ Check that the SSH daemon performs compression after a user successfully authent
      # sudo grep -i compression /etc/ssh/sshd_config
      Compression delayed
 
-If the "Compression" keyword is set to "yes", is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217280"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217280r603964_rule" weight="10.0" severity="medium"><version>SLES-12-030260</version><title>The SUSE operating system SSH daemon must disable forwarded remote X connections for interactive users, unless to fulfill documented and validated mission requirements.</title><description>&lt;VulnDiscussion&gt;The security risk of using X11 forwarding is that the client's X11 display server may be exposed to attack when the SSH client requests forwarding. A system administrator may have a stance in which they want to protect clients that may expose themselves to attack by unwittingly requesting X11 forwarding, which can warrant a ''no'' setting.
+If the "Compression" keyword is set to "yes", is missing, or the returned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217280"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217280r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030260</version><title>The SUSE operating system SSH daemon must disable forwarded remote X connections for interactive users, unless to fulfill documented and validated mission requirements.</title><description>&lt;VulnDiscussion&gt;The security risk of using X11 forwarding is that the client's X11 display server may be exposed to attack when the SSH client requests forwarding. A system administrator may have a stance in which they want to protect clients that may expose themselves to attack by unwittingly requesting X11 forwarding, which can warrant a ''no'' setting.
 X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X11 authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring if the ForwardX11Trusted option is also enabled.
 If X11 services are not required for the system's intended function, they should be disabled or restricted as appropriate to the system’s needs.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92169</ident><ident system="http://cyber.mil/legacy">V-77473</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18506r622427_fix">Configure the SUSE operating system SSH daemon to disable forwarded X connections for interactive users.
 
@@ -3097,13 +3075,13 @@ X11Forwarding no</fixtext><fix id="F-18506r622427_fix" /><check system="C-18508r
 # sudo grep -i x11forwarding /etc/ssh/sshd_config
 X11Forwarding no
 
-If the "X11Forwarding" keyword is set to "yes" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, is missing, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217281"><title>SRG-OS-000355-GPOS-00143</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217281r877038_rule" weight="10.0" severity="medium"><version>SLES-12-030300</version><title>The SUSE operating system clock must, for networked systems, be synchronized to an authoritative DoD time source at least every 24 hours.</title><description>&lt;VulnDiscussion&gt;Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
+If the "X11Forwarding" keyword is set to "yes" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, is missing, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-217281"><title>SRG-OS-000355-GPOS-00143</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217281r1015230_rule" weight="10.0" severity="medium"><version>SLES-12-030300</version><title>The SUSE operating system clock must, for networked systems, be synchronized to an authoritative DoD time source at least every 24 hours.</title><description>&lt;VulnDiscussion&gt;Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
 
 Synchronizing internal information system clocks provides uniformity of time stamps for information systems with multiple system clocks and systems connected over a network.
 
 Organizations should consider endpoints that may not have regular access to the authoritative time server (e.g., mobile, teleworking, and tactical endpoints).
 
-Satisfies: SRG-OS-000355-GPOS-00143, SRG-OS-000356-GPOS-00144&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77475</ident><ident system="http://cyber.mil/legacy">SV-92171</ident><ident system="http://cyber.mil/cci">CCI-002046</ident><ident system="http://cyber.mil/cci">CCI-001891</ident><fixtext fixref="F-18507r370000_fix">Configure the SUSE operating system clock must be configured to synchronize to an authoritative DoD time source when the time difference is greater than one second. 
+Satisfies: SRG-OS-000355-GPOS-00143, SRG-OS-000356-GPOS-00144&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77475</ident><ident system="http://cyber.mil/legacy">SV-92171</ident><ident system="http://cyber.mil/cci">CCI-002046</ident><ident system="http://cyber.mil/cci">CCI-004926</ident><ident system="http://cyber.mil/cci">CCI-001891</ident><ident system="http://cyber.mil/cci">CCI-004923</ident><fixtext fixref="F-18507r370000_fix">Configure the SUSE operating system clock must be configured to synchronize to an authoritative DoD time source when the time difference is greater than one second. 
 
 To configure the system clock to synchronize to an authoritative DoD time source at least every 24 hours, edit the file "/etc/ntp.conf". Add or correct the following lines by replacing "[time_source]" with an authoritative DoD time source:
 
@@ -3122,7 +3100,7 @@ Verify the "ntp.conf" file is configured to an authoritative DoD time source by
 &gt; sudo grep -i server /etc/ntp.conf
 server 0.us.pool.ntp.mil 
 
-If the parameter "server" is not set or is not set to an authoritative DoD time source, this is a finding.</check-content></check></Rule></Group><Group id="V-217282"><title>SRG-OS-000359-GPOS-00146</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217282r877383_rule" weight="10.0" severity="low"><version>SLES-12-030310</version><title>The SUSE operating system must be configured to use Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).</title><description>&lt;VulnDiscussion&gt;If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis.
+If the parameter "server" is not set or is not set to an authoritative DoD time source, this is a finding.</check-content></check></Rule></Group><Group id="V-217282"><title>SRG-OS-000359-GPOS-00146</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217282r958788_rule" weight="10.0" severity="low"><version>SLES-12-030310</version><title>The SUSE operating system must be configured to use Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).</title><description>&lt;VulnDiscussion&gt;If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis.
 
 Time stamps generated by the SUSE operating system include date and time. Time is commonly expressed in UTC, a modern continuation of GMT, or local time with an offset from UTC.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92173</ident><ident system="http://cyber.mil/legacy">V-77477</ident><ident system="http://cyber.mil/cci">CCI-001890</ident><fixtext fixref="F-18508r646757_fix">Configure the SUSE operating system is configured to use UTC or GMT.
 
@@ -3135,7 +3113,7 @@ Check that the SUSE operating system is configured to use UTC or GMT with the fo
 &gt; timedatectl status | grep -i "time zone"
 Timezone: UTC (UTC, +0000)
 
-If "Time zone" is not set to "UTC" or "GMT", this is a finding.</check-content></check></Rule></Group><Group id="V-217283"><title>SRG-OS-000433-GPOS-00192</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217283r854161_rule" weight="10.0" severity="medium"><version>SLES-12-030320</version><title>The SUSE operating system must implement kptr-restrict to prevent the leaking of internal kernel addresses.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can either be hardware-enforced or software-enforced, with hardware providing the greater strength of mechanism.
+If "Time zone" is not set to "UTC" or "GMT", this is a finding.</check-content></check></Rule></Group><Group id="V-217283"><title>SRG-OS-000433-GPOS-00192</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217283r958928_rule" weight="10.0" severity="medium"><version>SLES-12-030320</version><title>The SUSE operating system must implement kptr-restrict to prevent the leaking of internal kernel addresses.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can either be hardware-enforced or software-enforced, with hardware providing the greater strength of mechanism.
 
 Examples of attacks are buffer overflow attacks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92175</ident><ident system="http://cyber.mil/legacy">V-77479</ident><ident system="http://cyber.mil/cci">CCI-002824</ident><fixtext fixref="F-18509r646760_fix">Configure the SUSE operating system to prevent leaking of internal kernel addresses by running the following command: 
 
@@ -3152,7 +3130,7 @@ Check that the SUSE operating system prevents leaking of internal kernel address
 &gt; sudo sysctl kernel.kptr_restrict
 kernel.kptr_restrict = 1
 
-If the kernel parameter "kptr_restrict" is not equal to "1" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217284"><title>SRG-OS-000433-GPOS-00193</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217284r854162_rule" weight="10.0" severity="medium"><version>SLES-12-030330</version><title>Address space layout randomization (ASLR) must be implemented by the SUSE operating system to protect memory from unauthorized code execution.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can either be hardware-enforced or software-enforced, with hardware providing the greater strength of mechanism.
+If the kernel parameter "kptr_restrict" is not equal to "1" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217284"><title>SRG-OS-000433-GPOS-00193</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217284r958928_rule" weight="10.0" severity="medium"><version>SLES-12-030330</version><title>Address space layout randomization (ASLR) must be implemented by the SUSE operating system to protect memory from unauthorized code execution.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can either be hardware-enforced or software-enforced, with hardware providing the greater strength of mechanism.
 
 Examples of attacks are buffer overflow attacks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92177</ident><ident system="http://cyber.mil/legacy">V-77481</ident><ident system="http://cyber.mil/cci">CCI-002824</ident><fixtext fixref="F-18510r646763_fix">Configure the SUSE operating system to implement ASLR by running the following commands:
 
@@ -3170,7 +3148,7 @@ Check that the SUSE operating system implements ASLR by running the following co
 
 kernel.randomize_va_space = 2
 
-If the kernel parameter "randomize_va_space" is not equal to "2" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217285"><title>SRG-OS-000479-GPOS-00224</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217285r854163_rule" weight="10.0" severity="medium"><version>SLES-12-030340</version><title>The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+If the kernel parameter "randomize_va_space" is not equal to "2" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217285"><title>SRG-OS-000479-GPOS-00224</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217285r959008_rule" weight="10.0" severity="medium"><version>SLES-12-030340</version><title>The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly.</title><description>&lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
 
 Off-loading is a common process in information systems with limited audit storage capacity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77483</ident><ident system="http://cyber.mil/legacy">SV-92179</ident><ident system="http://cyber.mil/cci">CCI-001851</ident><fixtext fixref="F-18511r370012_fix">Configure the SUSE operating system to off-load rsyslog messages for networked systems in real time.
 
@@ -3193,7 +3171,7 @@ For networked systems, check that rsyslog is sending log messages to a remote se
 
 *.*;mail.none;news.none @192.168.1.101:514
 
-If any active message labels in the file do not have a line to send log messages to a remote server, this is a finding.</check-content></check></Rule></Group><Group id="V-217286"><title>SRG-OS-000142-GPOS-00071</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217286r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030350</version><title>The SUSE operating system must be configured to use TCP syncookies.</title><description>&lt;VulnDiscussion&gt;Denial of Service (DoS) is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. 
+If any active message labels in the file do not have a line to send log messages to a remote server, this is a finding.</check-content></check></Rule></Group><Group id="V-217286"><title>SRG-OS-000142-GPOS-00071</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217286r958528_rule" weight="10.0" severity="medium"><version>SLES-12-030350</version><title>The SUSE operating system must be configured to use TCP syncookies.</title><description>&lt;VulnDiscussion&gt;Denial of Service (DoS) is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. 
 
 Managing excess capacity ensures that sufficient capacity is available to counter flooding attacks. Employing increased capacity and service redundancy may reduce the susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77485</ident><ident system="http://cyber.mil/legacy">SV-92181</ident><ident system="http://cyber.mil/cci">CCI-001095</ident><fixtext fixref="F-18512r370015_fix">Configure the SUSE operating system to use TCP syncookies by running the following command as an administrator:
 
@@ -3209,7 +3187,7 @@ Check to see if syncookies are used with the following command:
 
 net.ipv4.tcp_syncookies = 1
 
-If the value is not set to "1", this is a finding.</check-content></check></Rule></Group><Group id="V-217287"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217287r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030360</version><title>The SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77487</ident><ident system="http://cyber.mil/legacy">SV-92183</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18513r370018_fix">Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
+If the value is not set to "1", this is a finding.</check-content></check></Rule></Group><Group id="V-217287"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217287r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030360</version><title>The SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77487</ident><ident system="http://cyber.mil/legacy">SV-92183</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18513r370018_fix">Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
 
 net.ipv4.conf.all.accept_source_route = 0
 
@@ -3222,7 +3200,7 @@ Check the value of the accept source route variable with the following command:
 # sysctl net.ipv4.conf.all.accept_source_route
 net.ipv4.conf.all.accept_source_route = 0
 
-If the returned line does not have a value of "0" this is a finding.</check-content></check></Rule></Group><Group id="V-217288"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217288r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030361</version><title>The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-81803</ident><ident system="http://cyber.mil/legacy">SV-96517</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18514r370021_fix">Configure the SUSE operating system to not accept IPv6 source-routed packets by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
+If the returned line does not have a value of "0" this is a finding.</check-content></check></Rule></Group><Group id="V-217288"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217288r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030361</version><title>The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-81803</ident><ident system="http://cyber.mil/legacy">SV-96517</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18514r370021_fix">Configure the SUSE operating system to not accept IPv6 source-routed packets by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
 
 net.ipv6.conf.all.accept_source_route = 0
 
@@ -3235,7 +3213,7 @@ Check the value of the accept source route variable with the following command:
 # sudo sysctl net.ipv6.conf.all.accept_source_route
 net.ipv6.conf.all.accept_source_route = 0
 
-If the returned line does not have a value of "0", this is a finding.</check-content></check></Rule></Group><Group id="V-217289"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217289r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030370</version><title>The SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77489</ident><ident system="http://cyber.mil/legacy">SV-92185</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18515r370024_fix">Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
+If the returned line does not have a value of "0", this is a finding.</check-content></check></Rule></Group><Group id="V-217289"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217289r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030370</version><title>The SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77489</ident><ident system="http://cyber.mil/legacy">SV-92185</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18515r370024_fix">Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
 
 net.ipv4.conf.default.accept_source_route = 0
 
@@ -3248,7 +3226,7 @@ Check the value of the default accept source route variable with the following c
 # sysctl net.ipv4.conf.default.accept_source_route
 net.ipv4.conf.default.accept_source_route = 0
 
-If the returned line does not have a value of "0" this is a finding.</check-content></check></Rule></Group><Group id="V-217290"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217290r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030380</version><title>The SUSE operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title><description>&lt;VulnDiscussion&gt;Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77491</ident><ident system="http://cyber.mil/legacy">SV-92187</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18516r370027_fix">Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
+If the returned line does not have a value of "0" this is a finding.</check-content></check></Rule></Group><Group id="V-217290"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217290r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030380</version><title>The SUSE operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title><description>&lt;VulnDiscussion&gt;Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77491</ident><ident system="http://cyber.mil/legacy">SV-92187</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18516r370027_fix">Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
 
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 
@@ -3261,7 +3239,7 @@ Check the value of the accept source route variable with the following command:
 # sysctl net.ipv4.icmp_echo_ignore_broadcasts
 net.ipv4.icmp_echo_ignore_broadcasts = 1
 
-If the returned line does not have a value of "1" this is a finding.</check-content></check></Rule></Group><Group id="V-217291"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217291r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030390</version><title>The SUSE operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77493</ident><ident system="http://cyber.mil/legacy">SV-92189</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18517r370030_fix">Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
+If the returned line does not have a value of "1" this is a finding.</check-content></check></Rule></Group><Group id="V-217291"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217291r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030390</version><title>The SUSE operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77493</ident><ident system="http://cyber.mil/legacy">SV-92189</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18517r370030_fix">Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
 
 net.ipv4.conf.all.accept_redirects =0
 
@@ -3274,7 +3252,7 @@ Check the value of the "net.ipv4.conf.all.accept_redirects" variable with the fo
 # sysctl net.ipv4.conf.all.accept_redirects
 net.ipv4.conf.all.accept_redirects =0
 
-If the returned line does not have a value of "0" this is a finding.</check-content></check></Rule></Group><Group id="V-217292"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217292r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030400</version><title>The SUSE operating system must not allow interfaces to accept Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92191</ident><ident system="http://cyber.mil/legacy">V-77495</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18518r370033_fix">Configure the SUSE operating system ignores IPv4 ICMP redirect messages by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
+If the returned line does not have a value of "0" this is a finding.</check-content></check></Rule></Group><Group id="V-217292"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217292r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030400</version><title>The SUSE operating system must not allow interfaces to accept Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92191</ident><ident system="http://cyber.mil/legacy">V-77495</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18518r370033_fix">Configure the SUSE operating system ignores IPv4 ICMP redirect messages by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
 
 net.ipv4.conf.default.accept_redirects = 0
 
@@ -3287,7 +3265,7 @@ Check the value of the "accept_redirects" variables with the following command:
 # sysctl net.ipv4.conf.default.accept_redirects
 net.ipv4.conf.default.accept_redirects = 0
 
-If the returned line does not have a value of "0" this is a finding.</check-content></check></Rule></Group><Group id="V-217293"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217293r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030401</version><title>The SUSE operating system must not allow interfaces to accept Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages by default.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-96519</ident><ident system="http://cyber.mil/legacy">V-81805</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18519r370036_fix">Configure the SUSE operating system to not allow IPv6 ICMP redirect messages by default. 
+If the returned line does not have a value of "0" this is a finding.</check-content></check></Rule></Group><Group id="V-217293"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217293r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030401</version><title>The SUSE operating system must not allow interfaces to accept Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages by default.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-96519</ident><ident system="http://cyber.mil/legacy">V-81805</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18519r370036_fix">Configure the SUSE operating system to not allow IPv6 ICMP redirect messages by default. 
 
 Set the system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
 
@@ -3302,7 +3280,7 @@ Check the value of the "default accept_redirects" variables with the following c
 # sudo sysctl net.ipv6.conf.default.accept_redirects
 net.ipv6.conf.default.accept_redirects = 0
 
-If the returned line does not have a value of "0", this is a finding.</check-content></check></Rule></Group><Group id="V-217294"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217294r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030410</version><title>The SUSE operating system must not allow interfaces to send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77497</ident><ident system="http://cyber.mil/legacy">SV-92193</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18520r370039_fix">Configure the SUSE operating system to not allow interfaces to perform IPv4 ICMP redirects by default. 
+If the returned line does not have a value of "0", this is a finding.</check-content></check></Rule></Group><Group id="V-217294"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217294r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030410</version><title>The SUSE operating system must not allow interfaces to send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77497</ident><ident system="http://cyber.mil/legacy">SV-92193</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18520r370039_fix">Configure the SUSE operating system to not allow interfaces to perform IPv4 ICMP redirects by default. 
 
 Set the system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
 
@@ -3317,7 +3295,7 @@ Check the value of the "default send_redirects" variables with the following com
 # sysctl net.ipv4.conf.default.send_redirects
 net.ipv4.conf.default.send_redirects = 0
 
-If the returned line does not have a value of "0” this is a finding.</check-content></check></Rule></Group><Group id="V-217295"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217295r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030420</version><title>The SUSE operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77499</ident><ident system="http://cyber.mil/legacy">SV-92195</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18521r370042_fix">Configure the SUSE operating system to not allow interfaces to perform IPv4 ICMP redirects. 
+If the returned line does not have a value of "0” this is a finding.</check-content></check></Rule></Group><Group id="V-217295"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217295r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030420</version><title>The SUSE operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77499</ident><ident system="http://cyber.mil/legacy">SV-92195</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18521r370042_fix">Configure the SUSE operating system to not allow interfaces to perform IPv4 ICMP redirects. 
 
 Set the system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value):
 
@@ -3332,7 +3310,7 @@ Check the value of the "all send_redirects" variables with the following command
 # sysctl net.ipv4.conf.all.send_redirects
 net.ipv4.conf.all.send_redirects =0
 
-If the returned line does not have a value of "0” this is a finding.</check-content></check></Rule></Group><Group id="V-217296"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217296r646767_rule" weight="10.0" severity="medium"><version>SLES-12-030430</version><title>The SUSE operating system must not be performing Internet Protocol version 4 (IPv4) packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77501</ident><ident system="http://cyber.mil/legacy">SV-92197</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18522r646766_fix">Configure the SUSE operating system to not performing IPv4 packet forwarding by running the following command as an administrator:
+If the returned line does not have a value of "0” this is a finding.</check-content></check></Rule></Group><Group id="V-217296"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217296r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030430</version><title>The SUSE operating system must not be performing Internet Protocol version 4 (IPv4) packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77501</ident><ident system="http://cyber.mil/legacy">SV-92197</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18522r646766_fix">Configure the SUSE operating system to not performing IPv4 packet forwarding by running the following command as an administrator:
 
 &gt; sudo sysctl -w net.ipv4.ip_forward=0
 
@@ -3347,7 +3325,7 @@ Check to see if IPv4 forwarding is enabled using the following command:
 &gt; sysctl net.ipv4.ip_forward
 net.ipv4.ip_forward = 0
 
-If the network parameter "ipv4.ip_forward" is not equal to "0" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217297"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217297r603262_rule" weight="10.0" severity="medium"><version>SLES-12-030440</version><title>The SUSE operating system must not have network interfaces in promiscuous mode unless approved and documented.</title><description>&lt;VulnDiscussion&gt;Network interfaces in promiscuous mode allow for the capture of all network traffic visible to the system. If unauthorized individuals can access these applications, it may allow then to collect information such as logon IDs, passwords, and key exchanges between systems.
+If the network parameter "ipv4.ip_forward" is not equal to "0" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-217297"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217297r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030440</version><title>The SUSE operating system must not have network interfaces in promiscuous mode unless approved and documented.</title><description>&lt;VulnDiscussion&gt;Network interfaces in promiscuous mode allow for the capture of all network traffic visible to the system. If unauthorized individuals can access these applications, it may allow then to collect information such as logon IDs, passwords, and key exchanges between systems.
 
 If the system is being used to perform a network troubleshooting function, the use of these tools must be documented with the Information System Security Officer (ISSO) and restricted to only authorized personnel.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92199</ident><ident system="http://cyber.mil/legacy">V-77503</ident><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-18523r370048_fix">Configure the SUSE operating system network interfaces to turn off promiscuous mode unless approved by the ISSO and documented.
 
@@ -3359,7 +3337,7 @@ Check for the status with the following command:
 
 # ip link | grep -i promisc
 
-If network interfaces are found on the system in promiscuous mode and their use has not been approved by the ISSO and documented, this is a finding.</check-content></check></Rule></Group><Group id="V-217298"><title>SRG-OS-000299-GPOS-00117</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217298r854164_rule" weight="10.0" severity="medium"><version>SLES-12-030450</version><title>The SUSE operating system wireless network adapters must be disabled unless approved and documented.</title><description>&lt;VulnDiscussion&gt;Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read, altered, or used to compromise the SUSE operating system.
+If network interfaces are found on the system in promiscuous mode and their use has not been approved by the ISSO and documented, this is a finding.</check-content></check></Rule></Group><Group id="V-217298"><title>SRG-OS-000299-GPOS-00117</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217298r991568_rule" weight="10.0" severity="medium"><version>SLES-12-030450</version><title>The SUSE operating system wireless network adapters must be disabled unless approved and documented.</title><description>&lt;VulnDiscussion&gt;Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read, altered, or used to compromise the SUSE operating system.
 
 This requirement applies to wireless peripheral technologies (e.g., wireless mice, keyboards, displays, etc.) used with A SUSE operating system. Wireless peripherals (e.g., Wi-Fi/Bluetooth/IR Keyboards, Mice, and Pointing Devices and Near Field Communications [NFC]) present a unique challenge by creating an open, unsecured port on a computer. Wireless peripherals must meet DoD requirements for wireless data transmission and be approved for use by the AO. Even though some wireless peripherals, such as mice and pointing devices, do not ordinarily carry information that need to be protected, modification of communications with these wireless peripherals may be used to compromise the SUSE operating system. Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification.
 
@@ -3411,7 +3389,7 @@ route: ipv4 default via 10.0.0.1 proto dhcp
 
 If a wireless interface is configured it must be documented and approved by the local Authorizing Official.
 
-If a wireless interface is configured and has not been documented and approved, this is a finding.</check-content></check></Rule></Group><Group id="V-217299"><title>SRG-OS-000375-GPOS-00160</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217299r854165_rule" weight="10.0" severity="medium"><version>SLES-12-030500</version><title>The SUSE operating system must have the packages required for multifactor authentication to be installed.</title><description>&lt;VulnDiscussion&gt;Using an authentication device, such as a CAC or token that is separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device.
+If a wireless interface is configured and has not been documented and approved, this is a finding.</check-content></check></Rule></Group><Group id="V-217299"><title>SRG-OS-000375-GPOS-00160</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217299r1015231_rule" weight="10.0" severity="medium"><version>SLES-12-030500</version><title>The SUSE operating system must have the packages required for multifactor authentication to be installed.</title><description>&lt;VulnDiscussion&gt;Using an authentication device, such as a CAC or token that is separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device.
 
 Multifactor solutions that require devices separate from information systems gaining access include, for example, hardware tokens providing time-based or challenge-response authenticators and smart cards such as the U.S. Government Personal Identity Verification card and the DoD Common Access Card.
 
@@ -3421,7 +3399,7 @@ Remote access is access to DoD nonpublic information systems by an authorized us
 
 This requirement only applies to components where this is specific to the function of the device or has the concept of an organizational user (e.g., VPN, proxy capability). This does not apply to authentication for the purpose of configuring the device itself (management).
 
-Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161, SRG-OS-000377-GPOS-00162&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77507</ident><ident system="http://cyber.mil/legacy">SV-92203</ident><ident system="http://cyber.mil/cci">CCI-001948</ident><ident system="http://cyber.mil/cci">CCI-001953</ident><ident system="http://cyber.mil/cci">CCI-001954</ident><fixtext fixref="F-18525r370054_fix">Configure the SUSE operating system to implement multifactor authentication by installing the required packages.
+Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161, SRG-OS-000377-GPOS-00162&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77507</ident><ident system="http://cyber.mil/legacy">SV-92203</ident><ident system="http://cyber.mil/cci">CCI-001948</ident><ident system="http://cyber.mil/cci">CCI-004046</ident><ident system="http://cyber.mil/cci">CCI-001953</ident><ident system="http://cyber.mil/cci">CCI-001954</ident><fixtext fixref="F-18525r370054_fix">Configure the SUSE operating system to implement multifactor authentication by installing the required packages.
 
 Install the packages required to support multifactor authentication with the following commands:
 
@@ -3468,7 +3446,7 @@ i | opensc | Smart Card Utilities | package
 
 Installed: Yes
 
-If any of the packages required for multifactor authentication are not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-217300"><title>SRG-OS-000375-GPOS-00160</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217300r854166_rule" weight="10.0" severity="medium"><version>SLES-12-030510</version><title>The SUSE operating system must implement certificate status checking for multifactor authentication.</title><description>&lt;VulnDiscussion&gt;Using an authentication device, such as a Common Access Card (CAC) or token separate from the information system, ensures credentials stored on the authentication device will not be affected if the information system is compromised.
+If any of the packages required for multifactor authentication are not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-217300"><title>SRG-OS-000375-GPOS-00160</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217300r1015232_rule" weight="10.0" severity="medium"><version>SLES-12-030510</version><title>The SUSE operating system must implement certificate status checking for multifactor authentication.</title><description>&lt;VulnDiscussion&gt;Using an authentication device, such as a Common Access Card (CAC) or token separate from the information system, ensures credentials stored on the authentication device will not be affected if the information system is compromised.
 
 Multifactor solutions that require devices separate from information systems to gain access include: hardware tokens providing time-based or challenge-response authenticators, and smart cards such as the U.S. Government Personal Identity Verification (PIV) card and the DoD CAC.
 
@@ -3478,7 +3456,7 @@ Remote access is access to DoD nonpublic information systems by an authorized us
 
 This requirement only applies to components with device-specific functions, or for organizational users (e.g., VPN, proxy capability). This does not apply to authentication for the purpose of configuring the device itself (management).
 
-Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161, SRG-OS-000377-GPOS-00162&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77509</ident><ident system="http://cyber.mil/legacy">SV-92205</ident><ident system="http://cyber.mil/cci">CCI-001954</ident><ident system="http://cyber.mil/cci">CCI-001948</ident><ident system="http://cyber.mil/cci">CCI-001953</ident><fixtext fixref="F-18526r370057_fix">Configure the SUSE operating system to certificate status checking for PKI authentication.
+Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161, SRG-OS-000377-GPOS-00162&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77509</ident><ident system="http://cyber.mil/legacy">SV-92205</ident><ident system="http://cyber.mil/cci">CCI-001954</ident><ident system="http://cyber.mil/cci">CCI-001948</ident><ident system="http://cyber.mil/cci">CCI-004046</ident><ident system="http://cyber.mil/cci">CCI-001953</ident><fixtext fixref="F-18526r370057_fix">Configure the SUSE operating system to certificate status checking for PKI authentication.
 
 Modify all of the cert_policy lines in "/etc/pam_pkcs11/pam_pkcs11.conf" to include "ocsp_on".
 
@@ -3492,7 +3470,7 @@ Check that certificate status checking for multifactor authentication is impleme
 
 cert_policy = ca,ocsp_on,signature,crl_auto;
 
-If "cert_policy" is not set to include "ocsp_on", this is a finding.</check-content></check></Rule></Group><Group id="V-217301"><title>SRG-OS-000068-GPOS-00036</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217301r854167_rule" weight="10.0" severity="medium"><version>SLES-12-030520</version><title>The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).</title><description>&lt;VulnDiscussion&gt;Using an authentication device, such as a CAC or token that is separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device.
+If "cert_policy" is not set to include "ocsp_on", this is a finding.</check-content></check></Rule></Group><Group id="V-217301"><title>SRG-OS-000068-GPOS-00036</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217301r1015233_rule" weight="10.0" severity="medium"><version>SLES-12-030520</version><title>The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).</title><description>&lt;VulnDiscussion&gt;Using an authentication device, such as a CAC or token that is separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device.
 
 Multifactor solutions that require devices separate from information systems gaining access include, for example, hardware tokens providing time-based or challenge-response authenticators and smart cards such as the U.S. Government Personal Identity Verification card and the DoD Common Access Card.
 
@@ -3502,7 +3480,7 @@ Remote access is access to DoD nonpublic information systems by an authorized us
 
 This requirement only applies to components where this is specific to the function of the device or has the concept of an organizational user (e.g., VPN, proxy capability). This does not apply to authentication for the purpose of configuring the device itself (management).
 
-Satisfies: SRG-OS-000068-GPOS-00036, SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000375-GPOS-00160, SRG-OS-000375-GPOS-00161, SRG-OS-000375-GPOS-00162&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77511</ident><ident system="http://cyber.mil/legacy">SV-92207</ident><ident system="http://cyber.mil/cci">CCI-000765</ident><ident system="http://cyber.mil/cci">CCI-000766</ident><ident system="http://cyber.mil/cci">CCI-000767</ident><ident system="http://cyber.mil/cci">CCI-000768</ident><ident system="http://cyber.mil/cci">CCI-000187</ident><ident system="http://cyber.mil/cci">CCI-001948</ident><ident system="http://cyber.mil/cci">CCI-001953</ident><ident system="http://cyber.mil/cci">CCI-001954</ident><fixtext fixref="F-18527r370060_fix">Configure the SUSE operating system to implement multifactor authentication for remote access to privileged accounts via PAM.
+Satisfies: SRG-OS-000068-GPOS-00036, SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055, SRG-OS-000375-GPOS-00160, SRG-OS-000375-GPOS-00161, SRG-OS-000375-GPOS-00162&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-77511</ident><ident system="http://cyber.mil/legacy">SV-92207</ident><ident system="http://cyber.mil/cci">CCI-000765</ident><ident system="http://cyber.mil/cci">CCI-000766</ident><ident system="http://cyber.mil/cci">CCI-000767</ident><ident system="http://cyber.mil/cci">CCI-000768</ident><ident system="http://cyber.mil/cci">CCI-000187</ident><ident system="http://cyber.mil/cci">CCI-001948</ident><ident system="http://cyber.mil/cci">CCI-004046</ident><ident system="http://cyber.mil/cci">CCI-001953</ident><ident system="http://cyber.mil/cci">CCI-001954</ident><fixtext fixref="F-18527r370060_fix">Configure the SUSE operating system to implement multifactor authentication for remote access to privileged accounts via PAM.
 
 Add or update "pam_pkcs11.so" in "/etc/pam.d/common-auth" to match the following line:
 
@@ -3514,7 +3492,7 @@ Check that the "pam_pkcs11.so" option is configured in the "/etc/pam.d/common-au
 
 auth sufficient pam_pkcs11.so
 
-If "pam_pkcs11.so" is not set in "/etc/pam.d/common-auth", this is a finding.</check-content></check></Rule></Group><Group id="V-217302"><title>SRG-OS-000066-GPOS-00034</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217302r854168_rule" weight="10.0" severity="medium"><version>SLES-12-030530</version><title>The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.</title><description>&lt;VulnDiscussion&gt;Without path validation, an informed trust decision by the relying party cannot be made when presented with any certificate not already explicitly trusted.
+If "pam_pkcs11.so" is not set in "/etc/pam.d/common-auth", this is a finding.</check-content></check></Rule></Group><Group id="V-217302"><title>SRG-OS-000066-GPOS-00034</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-217302r1015234_rule" weight="10.0" severity="medium"><version>SLES-12-030530</version><title>The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.</title><description>&lt;VulnDiscussion&gt;Without path validation, an informed trust decision by the relying party cannot be made when presented with any certificate not already explicitly trusted.
 
 A trust anchor is an authoritative entity represented via a public key and associated data. It is used in the context of public key infrastructures, X.509 digital certificates, and DNSSEC.
 
@@ -3522,7 +3500,7 @@ When there is a chain of trust, usually the top entity to be trusted becomes the
 
 This requirement verifies that a certification path to an accepted trust anchor is used for certificate validation and that the path includes status information. Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate not already explicitly trusted. Status information for certification paths includes certificate revocation lists or online certificate status protocol responses. Validation of the certificate status information is out of scope for this requirement.
 
-Satisfies: SRG-OS-000066-GPOS-00034, SRG-OS-000384-GPOS-00167&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92209</ident><ident system="http://cyber.mil/legacy">V-77513</ident><ident system="http://cyber.mil/cci">CCI-000185</ident><ident system="http://cyber.mil/cci">CCI-001991</ident><fixtext fixref="F-18528r370063_fix">Configure the SUSE operating system, for PKI-based authentication, to validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
+Satisfies: SRG-OS-000066-GPOS-00034, SRG-OS-000384-GPOS-00167&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-92209</ident><ident system="http://cyber.mil/legacy">V-77513</ident><ident system="http://cyber.mil/cci">CCI-000185</ident><ident system="http://cyber.mil/cci">CCI-001991</ident><ident system="http://cyber.mil/cci">CCI-004068</ident><fixtext fixref="F-18528r370063_fix">Configure the SUSE operating system, for PKI-based authentication, to validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
 
 Modify all of the cert_policy lines in "/etc/pam_pkcs11/pam_pkcs11.conf" to include "ca":
 
@@ -3538,42 +3516,32 @@ Check that the certification path to an accepted trust anchor for multifactor au
 
 cert_policy = ca,oscp_on,signature,crl_auto;
 
-If "cert_policy" is not set to include "ca", this is a finding.</check-content></check></Rule></Group><Group id="V-222385"><title>SRG-OS-000191-GPOS-00080</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-222385r942854_rule" weight="10.0" severity="medium"><version>SLES-12-010599</version><title>The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool.</title><description>&lt;VulnDiscussion&gt;Adding endpoint security tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of the system, which may not otherwise exist in an organization's systems management regime.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-92249</ident><ident system="http://cyber.mil/legacy">SV-102351</ident><ident system="http://cyber.mil/cci">CCI-001233</ident><fixtext fixref="F-36322r942853_fix">Install and enable the latest Trellix ENSLTP package.</fixtext><fix id="F-36322r942853_fix" /><check system="C-18385r942852_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Check that the following package has been installed:
-
-# rpm -qa | grep -i mcafeetp
-
-If the "mcafeetp" package is not installed, this is a finding.
-
-Verify that the daemon is running:
-
-# ps -ef | grep -i mfetpd
-
-If the daemon is not running, this is a finding.</check-content></check></Rule></Group><Group id="V-222386"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-222386r864046_rule" weight="10.0" severity="high"><version>SLES-12-030611</version><title>The SUSE operating system must use a virus scan program.</title><description>&lt;VulnDiscussion&gt;Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. 
-
-The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis.
-
+If "cert_policy" is not set to include "ca", this is a finding.</check-content></check></Rule></Group><Group id="V-222386"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-222386r991589_rule" weight="10.0" severity="high"><version>SLES-12-030611</version><title>The SUSE operating system must use a virus scan program.</title><description>&lt;VulnDiscussion&gt;Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. 
+
+The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis.
+
 If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-102727</ident><ident system="http://cyber.mil/legacy">SV-111689</ident><ident system="http://cyber.mil/cci">CCI-001668</ident><fixtext fixref="F-21313r466211_fix">Install an antivirus solution on the system.</fixtext><fix id="F-21313r466211_fix" /><check system="C-19592r466210_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution.
 
 If there is no anti-virus solution installed on the system, this is a finding.
-</check-content></check></Rule></Group><Group id="V-233308"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-233308r603331_rule" weight="10.0" severity="medium"><version>SLES-12-030261</version><title>The SUSE operating system SSH daemon must prevent remote hosts from connecting to the proxy display.</title><description>&lt;VulnDiscussion&gt;When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds the forwarding server to the loopback address and sets the hostname part of the DIPSLAY environment variable to localhost. This prevents remote hosts from connecting to the proxy display.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-36467r622237_fix">Configure the SUSE operating system SSH daemon to prevent remote hosts from connecting to the proxy display.
-
-Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for the "X11UseLocalhost" keyword and set its value to "yes" (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor):
-
-X11UseLocalhost yes</fixtext><fix id="F-36467r622237_fix" /><check system="C-36503r622236_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system SSH daemon prevents remote hosts from connecting to the proxy display.
-
-Check the SSH X11UseLocalhost setting with the following command:
-
-# sudo grep -i x11uselocalhost /etc/ssh/sshd_config
-X11UseLocalhost yes
-
-If the "X11UseLocalhost" keyword is set to "no", is missing, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-237603"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237603r646772_rule" weight="10.0" severity="medium"><version>SLES-12-010111</version><title>The SUSE operating system must restrict privilege elevation to authorized personnel.</title><description>&lt;VulnDiscussion&gt;The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms your request to execute a command by checking a file, called sudoers. If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40785r646771_fix">Remove the following entries from the sudoers file:
+</check-content></check></Rule></Group><Group id="V-233308"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-233308r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030261</version><title>The SUSE operating system SSH daemon must prevent remote hosts from connecting to the proxy display.</title><description>&lt;VulnDiscussion&gt;When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds the forwarding server to the loopback address and sets the hostname part of the DIPSLAY environment variable to localhost. This prevents remote hosts from connecting to the proxy display.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-36467r622237_fix">Configure the SUSE operating system SSH daemon to prevent remote hosts from connecting to the proxy display.
+
+Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for the "X11UseLocalhost" keyword and set its value to "yes" (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor):
+
+X11UseLocalhost yes</fixtext><fix id="F-36467r622237_fix" /><check system="C-36503r622236_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the SUSE operating system SSH daemon prevents remote hosts from connecting to the proxy display.
+
+Check the SSH X11UseLocalhost setting with the following command:
+
+# sudo grep -i x11uselocalhost /etc/ssh/sshd_config
+X11UseLocalhost yes
+
+If the "X11UseLocalhost" keyword is set to "no", is missing, or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-237603"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237603r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010111</version><title>The SUSE operating system must restrict privilege elevation to authorized personnel.</title><description>&lt;VulnDiscussion&gt;The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms your request to execute a command by checking a file, called sudoers. If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40785r646771_fix">Remove the following entries from the sudoers file:
 ALL     ALL=(ALL) ALL
 ALL     ALL=(ALL:ALL) ALL</fixtext><fix id="F-40785r646771_fix" /><check system="C-40822r646770_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify the "sudoers" file restricts sudo access to authorized personnel.
 $ sudo grep -iw 'ALL' /etc/sudoers /etc/sudoers.d/*
 
 If the either of the following entries are returned, this is a finding:
 ALL     ALL=(ALL) ALL
-ALL     ALL=(ALL:ALL) ALL</check-content></check></Rule></Group><Group id="V-237604"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237604r861101_rule" weight="10.0" severity="medium"><version>SLES-12-010112</version><title>The SUSE operating system must use the invoking user's password for privilege escalation when using "sudo".</title><description>&lt;VulnDiscussion&gt;The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validates the invoking user's credentials. If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password. 
+ALL     ALL=(ALL:ALL) ALL</check-content></check></Rule></Group><Group id="V-237604"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237604r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010112</version><title>The SUSE operating system must use the invoking user's password for privilege escalation when using "sudo".</title><description>&lt;VulnDiscussion&gt;The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validates the invoking user's credentials. If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password. 
 For more information on each of the listed configurations, reference the sudoers(5) manual page.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002227</ident><fixtext fixref="F-40786r646774_fix">Define the following in the Defaults section of the /etc/sudoers file or a configuration file in the /etc/sudoers.d/ directory:
 Defaults !targetpw
 Defaults !rootpw
@@ -3588,11 +3556,11 @@ Defaults !runaspw</fixtext><fix id="F-40786r646774_fix" /><check system="C-40823
 If conflicting results are returned, this is a finding.
 If "Defaults !targetpw" is not defined, this is a finding.
 If "Defaults !rootpw" is not defined, this is a finding.
-If "Defaults !runaspw" is not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-237605"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237605r861104_rule" weight="10.0" severity="medium"><version>SLES-12-010113</version><title>The SUSE operating system must require re-authentication when using the "sudo" command.</title><description>&lt;VulnDiscussion&gt;Without re-authentication, users may access resources or perform tasks for which they do not have authorization. 
+If "Defaults !runaspw" is not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-237605"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237605r1015235_rule" weight="10.0" severity="medium"><version>SLES-12-010113</version><title>The SUSE operating system must require re-authentication when using the "sudo" command.</title><description>&lt;VulnDiscussion&gt;Without re-authentication, users may access resources or perform tasks for which they do not have authorization. 
 
 When operating systems provide the capability to escalate a functional capability, it is critical the organization requires the user to re-authenticate when using the "sudo" command.
 
-If the value is set to an integer less than 0, the user's time stamp will not expire and the user will not have to re-authenticate for privileged actions until the user's session is terminated.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002038</ident><fixtext fixref="F-40787r861103_fix">Configure the "sudo" command to require re-authentication.
+If the value is set to an integer less than 0, the user's time stamp will not expire and the user will not have to re-authenticate for privileged actions until the user's session is terminated.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002038</ident><ident system="http://cyber.mil/cci">CCI-004895</ident><fixtext fixref="F-40787r861103_fix">Configure the "sudo" command to require re-authentication.
 Edit the /etc/sudoers file:
 &gt; sudo visudo
 
@@ -3605,7 +3573,7 @@ Note: The "[value]" must be a number that is greater than or equal to "0".</fixt
 
 If conflicting results are returned, this is a finding.
 
-If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237606"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237606r646781_rule" weight="10.0" severity="medium"><version>SLES-12-010631</version><title>The SUSE operating system must not have unnecessary account capabilities.</title><description>&lt;VulnDiscussion&gt;Accounts providing no operational purpose provide additional opportunities for system compromise. Therefore all necessary non-interactive accounts should not have an interactive shell assigned to them.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40788r646780_fix">Configure the SUSE operating system so that all non-interactive accounts on the system have no interactive shell assigned to them.
+If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237606"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237606r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010631</version><title>The SUSE operating system must not have unnecessary account capabilities.</title><description>&lt;VulnDiscussion&gt;Accounts providing no operational purpose provide additional opportunities for system compromise. Therefore all necessary non-interactive accounts should not have an interactive shell assigned to them.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40788r646780_fix">Configure the SUSE operating system so that all non-interactive accounts on the system have no interactive shell assigned to them.
 
 Run the following command to disable the interactive shell for a specific non-interactive user account:
 
@@ -3619,7 +3587,7 @@ Check the system accounts on the system with the following command:
 root:0:/bin/bash
 nobody:65534:/bin/bash
 
-If a non-interactive accounts such as "games" or "nobody" is listed with an interactive shell, this is a finding.</check-content></check></Rule></Group><Group id="V-237607"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237607r646784_rule" weight="10.0" severity="medium"><version>SLES-12-010871</version><title>The SUSE operating system library files must have mode 0755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If a non-interactive accounts such as "games" or "nobody" is listed with an interactive shell, this is a finding.</check-content></check></Rule></Group><Group id="V-237607"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237607r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010871</version><title>The SUSE operating system library files must have mode 0755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40789r646783_fix">Configure the library files to be protected from unauthorized access. Run the following command:
 
@@ -3629,7 +3597,7 @@ Check that the system-wide shared library files have mode 0755 or less permissiv
 
 &gt; sudo find /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type f -exec stat -c "%n %a" '{}' \;
 
-If any files are found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-237608"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237608r646787_rule" weight="10.0" severity="medium"><version>SLES-12-010872</version><title>The SUSE operating system library directories must have mode 0755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any files are found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-237608"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237608r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010872</version><title>The SUSE operating system library directories must have mode 0755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40790r646786_fix">Configure the shared library directories to be protected from unauthorized access. Run the following command:
 
@@ -3639,7 +3607,7 @@ Check that the system-wide shared library directories have mode 0755 or less per
 
 &gt; sudo find /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type d -exec stat -c "%n %a" '{}' \;
 
-If any of the aforementioned directories are found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-237609"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237609r646790_rule" weight="10.0" severity="medium"><version>SLES-12-010873</version><title>The SUSE operating system library files must be owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any of the aforementioned directories are found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-237609"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237609r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010873</version><title>The SUSE operating system library files must be owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40791r646789_fix">Configure the system library files to be protected from unauthorized access. Run the following command:
 
@@ -3649,7 +3617,7 @@ Check that the system-wide shared library files are owned by root with the follo
 
 &gt; sudo find /lib /lib64 /usr/lib /usr/lib64 ! -user root -type f -exec stat -c "%n %U" '{}' \;
 
-If any system wide library file is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237610"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237610r646793_rule" weight="10.0" severity="medium"><version>SLES-12-010874</version><title>The SUSE operating system library directories must be owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any system wide library file is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237610"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237610r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010874</version><title>The SUSE operating system library directories must be owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40792r646792_fix">Configure the library files and their respective parent directories to be protected from unauthorized access. Run the following command:
 
@@ -3659,7 +3627,7 @@ Check that the system-wide shared library directories are owned by root with the
 
 &gt; sudo find /lib /lib64 /usr/lib /usr/lib64 ! -user root -type d -exec stat -c "%n %U" '{}' \;
 
-If any system wide library directory is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237611"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237611r646796_rule" weight="10.0" severity="medium"><version>SLES-12-010875</version><title>The SUSE operating system library files must be group-owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any system wide library directory is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237611"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237611r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010875</version><title>The SUSE operating system library files must be group-owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40793r646795_fix">Configure the system library files to be protected from unauthorized access. Run the following command:
 
@@ -3669,7 +3637,7 @@ Check that the system-wide library files are group-owned by root with the follow
 
 &gt; sudo find /lib /lib64 /usr/lib /usr/lib64 ! -group root -type f -exec stat -c "%n %G" '{}' \;
 
-If any system wide shared library file is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237612"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237612r646799_rule" weight="10.0" severity="medium"><version>SLES-12-010876</version><title>The SUSE operating system library directories must be group-owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any system wide shared library file is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237612"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237612r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010876</version><title>The SUSE operating system library directories must be group-owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40794r646798_fix">Configure the system library directories to be protected from unauthorized access. Run the following command:
 
@@ -3679,7 +3647,7 @@ Check that the system-wide library directories are group-owned by root with the
 
 &gt; sudo find /lib /lib64 /usr/lib /usr/lib64 ! -group root -type d -exec stat -c "%n %G" '{}' \;
 
-If any system wide shared library directory is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237613"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237613r917814_rule" weight="10.0" severity="medium"><version>SLES-12-010877</version><title>The SUSE operating system must have system commands set to a mode of 755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any system wide shared library directory is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237613"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237613r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010877</version><title>The SUSE operating system must have system commands set to a mode of 755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40795r646801_fix">Configure the system commands to be protected from unauthorized access. Run the following command:
 
@@ -3696,7 +3664,7 @@ Check that the system command files have mode 755 or less permissive with the fo
 
 &gt; find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -perm /022 -type f -exec stat -c "%n %a" '{}' \;
 
-If any files are found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-237614"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237614r646805_rule" weight="10.0" severity="medium"><version>SLES-12-010878</version><title>The SUSE operating system must have directories that contain system commands set to a mode of 0755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any files are found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-237614"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237614r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010878</version><title>The SUSE operating system must have directories that contain system commands set to a mode of 0755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40796r646804_fix">Configure the system commands directories to be protected from unauthorized access. Run the following command:
 
@@ -3713,7 +3681,7 @@ Check that the system command directories have mode 0755 or less permissive with
 
 &gt; find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -perm /022 -type d -exec stat -c "%n %a" '{}' \;
 
-If any directories are found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-237615"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237615r646808_rule" weight="10.0" severity="medium"><version>SLES-12-010879</version><title>The SUSE operating system must have system commands owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any directories are found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-237615"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237615r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010879</version><title>The SUSE operating system must have system commands owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40797r646807_fix">Configure the system commands - and their respective parent directories - to be protected from unauthorized access. Run the following command:
 
@@ -3730,7 +3698,7 @@ Use the following command for the check:
 
 &gt; sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -user root -type f -exec stat -c "%n %U" '{}' \;
 
-If any system commands are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237616"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237616r646811_rule" weight="10.0" severity="medium"><version>SLES-12-010881</version><title>The SUSE operating system must have directories that contain system commands owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any system commands are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237616"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237616r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010881</version><title>The SUSE operating system must have directories that contain system commands owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40798r646810_fix">Configure the system commands directories to be protected from unauthorized access. Run the following command:
 
@@ -3747,7 +3715,7 @@ Use the following command for the check:
 
 &gt; sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -user root -type d -exec stat -c "%n %U" '{}' \;
 
-If any system commands directories are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237617"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237617r832997_rule" weight="10.0" severity="medium"><version>SLES-12-010882</version><title>The SUSE operating system must have system commands group-owned by root or a system account.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any system commands directories are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237617"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237617r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010882</version><title>The SUSE operating system must have system commands group-owned by root or a system account.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40799r832996_fix">Configure the system commands to be protected from unauthorized access. Run the following command, replacing "[FILE]" with any system command file not group-owned by "root" or a required system account.
 
@@ -3764,7 +3732,7 @@ Run the check with the following command:
 
 &gt; sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -group root -type f -exec stat -c "%n %G" '{}' \;
 
-If any system commands are returned that are not Set Group ID upon execution (SGID) files and group-owned by a required system account, this is a finding.</check-content></check></Rule></Group><Group id="V-237618"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237618r646817_rule" weight="10.0" severity="medium"><version>SLES-12-010883</version><title>The SUSE operating system must have directories that contain system commands group-owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any system commands are returned that are not Set Group ID upon execution (SGID) files and group-owned by a required system account, this is a finding.</check-content></check></Rule></Group><Group id="V-237618"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237618r991560_rule" weight="10.0" severity="medium"><version>SLES-12-010883</version><title>The SUSE operating system must have directories that contain system commands group-owned by root.</title><description>&lt;VulnDiscussion&gt;If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
 This requirement applies to SUSE operating systems with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs which execute with escalated privileges. Only qualified and authorized individuals must be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-40800r646816_fix">Configure the system commands directories to be protected from unauthorized access. Run the following command:
 
@@ -3781,7 +3749,7 @@ Run the check with the following command:
 
 &gt; sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -group root -type d -exec stat -c "%n %G" '{}' \;
 
-If any system commands directories are returned that are not Set Group ID up on execution (SGID) files and owned by a privileged account, this is a finding.</check-content></check></Rule></Group><Group id="V-237619"><title>SRG-OS-000074-GPOS-00042</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237619r877396_rule" weight="10.0" severity="medium"><version>SLES-12-030011</version><title>The SUSE operating system must not have the vsftpd package installed if not required for operational support.</title><description>&lt;VulnDiscussion&gt;It is detrimental for SUSE operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked, and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If any system commands directories are returned that are not Set Group ID up on execution (SGID) files and owned by a privileged account, this is a finding.</check-content></check></Rule></Group><Group id="V-237619"><title>SRG-OS-000074-GPOS-00042</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237619r987796_rule" weight="10.0" severity="medium"><version>SLES-12-030011</version><title>The SUSE operating system must not have the vsftpd package installed if not required for operational support.</title><description>&lt;VulnDiscussion&gt;It is detrimental for SUSE operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked, and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
 SUSE operating systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions and functions).
 
@@ -3793,7 +3761,7 @@ Check that the vsftpd package is not installed on the SUSE operating system by r
 
 &gt; zypper info vsftpd | grep Installed
 
-If "vsftpd" is installed and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-237620"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237620r646823_rule" weight="10.0" severity="medium"><version>SLES-12-030362</version><title>The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40802r646822_fix">Configure the SUSE operating system to disable IPv6 default source routing by running the following command as an administrator:
+If "vsftpd" is installed and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-237620"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237620r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030362</version><title>The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40802r646822_fix">Configure the SUSE operating system to disable IPv6 default source routing by running the following command as an administrator:
 
 &gt; sudo sysctl -w net.ipv6.conf.default.accept_source_route=0
 
@@ -3808,7 +3776,7 @@ Check the value of the default IPv6 accept source route variable with the follow
 &gt; sudo sysctl net.ipv6.conf.default.accept_source_route
 net.ipv6.conf.default.accept_source_route = 0
 
-If the network parameter "ipv6.conf.default.accept_source_route" is not equal to "0" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237621"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237621r646826_rule" weight="10.0" severity="medium"><version>SLES-12-030363</version><title>The SUSE operating system must prevent Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40803r646825_fix">Configure the SUSE operating system to not accept IPv6 ICMP redirect messages by running the following command as an administrator:
+If the network parameter "ipv6.conf.default.accept_source_route" is not equal to "0" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237621"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237621r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030363</version><title>The SUSE operating system must prevent Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40803r646825_fix">Configure the SUSE operating system to not accept IPv6 ICMP redirect messages by running the following command as an administrator:
 
 &gt; sudo sysctl -w net.ipv6.conf.all.accept_redirects=0
 
@@ -3824,7 +3792,7 @@ Check the value of the IPv6 accept_redirects variable with the following command
 &gt; sudo sysctl net.ipv6.conf.all.accept_redirects
 net.ipv6.conf.all.accept_redirects =0
 
-If the network parameter "ipv6.conf.all.accept_redirects" is not equal to "0" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237622"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237622r646829_rule" weight="10.0" severity="medium"><version>SLES-12-030364</version><title>The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40804r646828_fix">Configure the SUSE operating system to not performing IPv6 packet forwarding by running the following command as an administrator:
+If the network parameter "ipv6.conf.all.accept_redirects" is not equal to "0" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237622"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237622r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030364</version><title>The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40804r646828_fix">Configure the SUSE operating system to not performing IPv6 packet forwarding by running the following command as an administrator:
 
 &gt; sudo sysctl -w net.ipv6.conf.all.forwarding=0
 
@@ -3839,7 +3807,7 @@ Check to see if IPv6 forwarding is enabled using the following command:
 &gt; sudo sysctl net.ipv6.conf.all.forwarding
 net.ipv6.conf.all.forwarding = 0
 
-If the network parameter "ipv6.conf.all.forwarding" is not equal to "0" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237623"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237623r646832_rule" weight="10.0" severity="medium"><version>SLES-12-030365</version><title>The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40805r646831_fix">Configure the SUSE operating system to not performing IPv6 packet forwarding by default by running the following command as an administrator:
+If the network parameter "ipv6.conf.all.forwarding" is not equal to "0" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-237623"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237623r991589_rule" weight="10.0" severity="medium"><version>SLES-12-030365</version><title>The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-40805r646831_fix">Configure the SUSE operating system to not performing IPv6 packet forwarding by default by running the following command as an administrator:
 
 &gt; sudo sysctl -w net.ipv6.conf.default.forwarding=0
 
@@ -3854,7 +3822,7 @@ Check to see if IPv6 forwarding is disabled by default using the following comma
 &gt; sudo sysctl net.ipv6.conf.default.forwarding
 net.ipv6.conf.default.forwarding = 0
 
-If the network parameter "ipv6.conf.default.forwarding" is not equal to "0" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-251719"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-251719r832989_rule" weight="10.0" severity="medium"><version>SLES-12-010109</version><title>The SUSE operating system must specify the default "include" directory for the /etc/sudoers file.</title><description>&lt;VulnDiscussion&gt;The "sudo" command allows authorized users to run programs (including shells) as other users, system users, and root. The "/etc/sudoers" file is used to configure authorized "sudo" users as well as the programs they are allowed to run. Some configuration options in the "/etc/sudoers" file allow configured users to run programs without re-authenticating. Use of these configuration options makes it easier for one compromised account to be used to compromise other accounts.
+If the network parameter "ipv6.conf.default.forwarding" is not equal to "0" or nothing is returned, this is a finding.</check-content></check></Rule></Group><Group id="V-251719"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-251719r991589_rule" weight="10.0" severity="medium"><version>SLES-12-010109</version><title>The SUSE operating system must specify the default "include" directory for the /etc/sudoers file.</title><description>&lt;VulnDiscussion&gt;The "sudo" command allows authorized users to run programs (including shells) as other users, system users, and root. The "/etc/sudoers" file is used to configure authorized "sudo" users as well as the programs they are allowed to run. Some configuration options in the "/etc/sudoers" file allow configured users to run programs without re-authenticating. Use of these configuration options makes it easier for one compromised account to be used to compromise other accounts.
 
 It is possible to include other sudoers files from within the sudoers file currently being parsed using the #include and #includedir directives. When sudo reaches this line it will suspend processing of the current file (/etc/sudoers) and switch to the specified file/directory. Once the end of the included file(s) are reached, the rest of /etc/sudoers will be processed. Files that are included may themselves include other files. A hard limit of 128 nested include files is enforced to prevent include file loops.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-55110r832988_fix">Configure the /etc/sudoers file to only include the /etc/sudoers.d directory.
 
@@ -3877,11 +3845,11 @@ Verify the operating system does not have nested "include" files or directories
 
 &gt; sudo grep -r include /etc/sudoers.d
 
-If results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-251720"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-251720r854176_rule" weight="10.0" severity="medium"><version>SLES-12-010114</version><title>The SUSE operating system must not be configured to bypass password requirements for privilege escalation.</title><description>&lt;VulnDiscussion&gt;Without re-authentication, users may access resources or perform tasks for which they do not have authorization. 
+If results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-251720"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-251720r1015236_rule" weight="10.0" severity="medium"><version>SLES-12-010114</version><title>The SUSE operating system must not be configured to bypass password requirements for privilege escalation.</title><description>&lt;VulnDiscussion&gt;Without re-authentication, users may access resources or perform tasks for which they do not have authorization. 
 
 When operating systems provide the capability to escalate a functional capability, it is critical the user re-authenticate.
 
-Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002038</ident><fixtext fixref="F-55111r854175_fix">Configure the operating system to require users to supply a password for privilege escalation.
+Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002038</ident><ident system="http://cyber.mil/cci">CCI-004895</ident><fixtext fixref="F-55111r854175_fix">Configure the operating system to require users to supply a password for privilege escalation.
 
 Check the configuration of the "/etc/ pam.d/sudo" file with the following command:
 $ sudo vi /etc/pam.d/sudo
@@ -3892,7 +3860,7 @@ Check the configuration of the "/etc/pam.d/sudo" file with the following command
 
 $ sudo grep pam_succeed_if /etc/pam.d/sudo
 
-If any occurrences of "pam_succeed_if" are returned from the command, this is a finding.</check-content></check></Rule></Group><Group id="V-251721"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-251721r809453_rule" weight="10.0" severity="high"><version>SLES-12-010221</version><title>The SUSE operating system must not have accounts configured with blank or null passwords.</title><description>&lt;VulnDiscussion&gt;If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-55112r809452_fix">Configure all accounts on the system to have a password or lock the account with the following commands:
+If any occurrences of "pam_succeed_if" are returned from the command, this is a finding.</check-content></check></Rule></Group><Group id="V-251721"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-251721r991589_rule" weight="10.0" severity="high"><version>SLES-12-010221</version><title>The SUSE operating system must not have accounts configured with blank or null passwords.</title><description>&lt;VulnDiscussion&gt;If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-55112r809452_fix">Configure all accounts on the system to have a password or lock the account with the following commands:
 
 Perform a password reset:
 $ sudo passwd [username]
@@ -3901,7 +3869,7 @@ $ sudo passwd -l [username]</fixtext><fix id="F-55112r809452_fix" /><check syste
 
 $ sudo awk -F: '!$2 {print $1}' /etc/shadow
 
-If the command returns any results, this is a finding.</check-content></check></Rule></Group><Group id="V-251722"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-251722r854178_rule" weight="10.0" severity="medium"><version>SLES-12-020411</version><title>The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat and rmdir syscalls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command returns any results, this is a finding.</check-content></check></Rule></Group><Group id="V-251722"><title>SRG-OS-000037-GPOS-00015</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-251722r958412_rule" weight="10.0" severity="medium"><version>SLES-12-020411</version><title>The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat and rmdir syscalls.</title><description>&lt;VulnDiscussion&gt;Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
 Audit records can be generated from various components within the information system (e.g., module or policy filter). The system call rules are loaded into a matching engine that intercepts each syscall made by all programs on the system. Therefore, it is very important to use syscall rules only when absolutely necessary since these affect performance. The more rules, the bigger the performance hit. The performance is helped, however, by combining syscalls into one rule whenever possible.
 
@@ -3923,7 +3891,7 @@ Verify that the following command call is being audited by performing the follow
 -a always,exit -F arch=b32 -S unlink, unlinkat,rename,renameat,rmdir -F auid&gt;=1000 -F auid!=4294967295 -k delete
 -a always,exit -F arch=b64 -S unlink, unlinkat,rename,renameat,rmdir -F auid&gt;=1000 -F auid!=4294967295 -k delete
 
-If both the "b32" and "b64" audit rules are not defined for the "unlink", "unlinkat", "rename", "renameat", and "rmdir" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-255914"><title>SRG-OS-000250-GPOS-00093</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-255914r880922_rule" weight="10.0" severity="medium"><version>SLES-12-030270</version><title>The SUSE operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.</title><description>&lt;VulnDiscussion&gt;Without cryptographic integrity protections provided by FIPS-validated cryptographic algorithms, information can be viewed and altered by unauthorized users without detection.
+If both the "b32" and "b64" audit rules are not defined for the "unlink", "unlinkat", "rename", "renameat", and "rmdir" syscalls, this is a finding.</check-content></check></Rule></Group><Group id="V-255914"><title>SRG-OS-000250-GPOS-00093</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-255914r991554_rule" weight="10.0" severity="medium"><version>SLES-12-030270</version><title>The SUSE operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.</title><description>&lt;VulnDiscussion&gt;Without cryptographic integrity protections provided by FIPS-validated cryptographic algorithms, information can be viewed and altered by unauthorized users without detection.
 
 The system will attempt to use the first algorithm presented by the client that matches the server list. Listing the values "strongest to weakest" is a method to ensure the use of the strongest algorithm available to secure the SSH connection.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001453</ident><fixtext fixref="F-59534r880921_fix">Configure the SSH server to use only FIPS-validated key exchange algorithms by adding or modifying the following line in "/etc/ssh/sshd_config":
 
@@ -3936,7 +3904,7 @@ Restart the "sshd" service for changes to take effect:
      $ sudo grep -i kexalgorithms /etc/ssh/sshd_config
      KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
  
-If "KexAlgorithms" is not configured, is commented out, or does not contain only the algorithms "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" in exact order, this is a finding.</check-content></check></Rule></Group><Group id="V-255915"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-255915r880928_rule" weight="10.0" severity="low"><version>SLES-12-010375</version><title>The SUSE operating system must restrict access to the kernel message buffer.</title><description>&lt;VulnDiscussion&gt;Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a nonprivileged user.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-59535r880927_fix">Configure the operating system to restrict access to the kernel message buffer.
+If "KexAlgorithms" is not configured, is commented out, or does not contain only the algorithms "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" in exact order, this is a finding.</check-content></check></Rule></Group><Group id="V-255915"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-255915r958524_rule" weight="10.0" severity="low"><version>SLES-12-010375</version><title>The SUSE operating system must restrict access to the kernel message buffer.</title><description>&lt;VulnDiscussion&gt;Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a nonprivileged user.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-59535r880927_fix">Configure the operating system to restrict access to the kernel message buffer.
 
 Set the system to the required kernel parameter by adding or modifying the following line in /etc/sysctl.conf or a config file in the /etc/sysctl.d/ directory:
 
@@ -3967,7 +3935,7 @@ Check that the configuration files are present to enable this kernel parameter:
 
 If "kernel.dmesg_restrict" is not set to "1", is missing or commented out, this is a finding.
 
-If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-255916"><title>SRG-OS-000363-GPOS-00150</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-255916r880937_rule" weight="10.0" severity="medium"><version>SLES-12-010499</version><title>The SUSE operating system must use a file integrity tool to verify correct operation of all security functions.</title><description>&lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
+If conflicting results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-255916"><title>SRG-OS-000363-GPOS-00150</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-255916r958794_rule" weight="10.0" severity="medium"><version>SLES-12-010499</version><title>The SUSE operating system must use a file integrity tool to verify correct operation of all security functions.</title><description>&lt;VulnDiscussion&gt;Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
 
 This requirement applies to the SUSE operating system performing security function verification/testing and/or systems and environments that require this functionality.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002696</ident><fixtext fixref="F-59536r880936_fix">Install AIDE, initialize it, and perform a manual check.
 
@@ -4003,10 +3971,10 @@ If there is no application installed to perform integrity checks, this is a find
 If AIDE is installed, check if it has been initialized with the following command:
      $ sudo aide --check
 
-If the output is "Couldn't open file /var/lib/aide/aide.db for reading", this is a finding.</check-content></check></Rule></Group><Group id="V-256980"><title>SRG-OS-000123-GPOS-00064</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-256980r903128_rule" weight="10.0" severity="medium"><version>SLES-12-010331</version><title>The SUSE operating system must automatically expire temporary accounts within 72 hours.</title><description>&lt;VulnDiscussion&gt;Temporary accounts are privileged or nonprivileged accounts that are established during pressing circumstances, such as new software or hardware configuration or an incident response, where the need for prompt account activation requires bypassing normal account authorization procedures. If any inactive temporary accounts are left enabled on the system and are not either manually removed or automatically expired within 72 hours, the security posture of the system will be degraded and exposed to exploitation by unauthorized users or insider threat actors.
-
-Temporary accounts are different from emergency accounts. Emergency accounts, also known as "last resort" or "break glass" accounts, are local logon accounts enabled on the system for emergency use by authorized system administrators to manage a system when standard logon methods are failing or not available. Emergency accounts are not subject to manual removal or scheduled expiration requirements.
-
+If the output is "Couldn't open file /var/lib/aide/aide.db for reading", this is a finding.</check-content></check></Rule></Group><Group id="V-256980"><title>SRG-OS-000123-GPOS-00064</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-256980r958508_rule" weight="10.0" severity="medium"><version>SLES-12-010331</version><title>The SUSE operating system must automatically expire temporary accounts within 72 hours.</title><description>&lt;VulnDiscussion&gt;Temporary accounts are privileged or nonprivileged accounts that are established during pressing circumstances, such as new software or hardware configuration or an incident response, where the need for prompt account activation requires bypassing normal account authorization procedures. If any inactive temporary accounts are left enabled on the system and are not either manually removed or automatically expired within 72 hours, the security posture of the system will be degraded and exposed to exploitation by unauthorized users or insider threat actors.
+
+Temporary accounts are different from emergency accounts. Emergency accounts, also known as "last resort" or "break glass" accounts, are local logon accounts enabled on the system for emergency use by authorized system administrators to manage a system when standard logon methods are failing or not available. Emergency accounts are not subject to manual removal or scheduled expiration requirements.
+
 The automatic expiration of temporary accounts may be extended as needed by the circumstances but it must not be extended indefinitely. A documented permanent account should be established for privileged users who need long-term maintenance accounts.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001682</ident><fixtext fixref="F-60600r902830_fix">Configure the operating system to expire temporary accounts after 72 hours with the following command:
 
      &gt; sudo chage -E $(date -d +3days +%Y-%m-%d) &lt;temporary_account_name&gt;</fixtext><fix id="F-60600r902830_fix" /><check system="C-60658r902829_chk"><check-content-ref href="SUSE_Linux_Enterprise_Server_12_STIG.xml" name="M" /><check-content>Verify temporary accounts have been provisioned with an expiration date of 72 hours.
@@ -4016,7 +3984,7 @@ For every existing temporary account, run the following command to obtain its ac
      &gt; sudo chage -l &lt;temporary_account_name&gt; | grep -i "account expires"
 
 Verify each of these accounts has an expiration date set within 72 hours.
-If any temporary accounts have no expiration date set or do not expire within 72 hours, this is a finding.</check-content></check></Rule></Group><Group id="V-256981"><title>SRG-OS-000363-GPOS-00150</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-256981r902837_rule" weight="10.0" severity="medium"><version>SLES-12-010498</version><title>The SUSE operating system must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.</title><description>&lt;VulnDiscussion&gt;Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configurations can have unintended side effects, some of which may be relevant to security.
+If any temporary accounts have no expiration date set or do not expire within 72 hours, this is a finding.</check-content></check></Rule></Group><Group id="V-256981"><title>SRG-OS-000363-GPOS-00150</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-256981r958794_rule" weight="10.0" severity="medium"><version>SLES-12-010498</version><title>The SUSE operating system must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.</title><description>&lt;VulnDiscussion&gt;Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configurations can have unintended side effects, some of which may be relevant to security.
 
 Detecting such changes and providing an automated response can help avoid unintended, negative consequences that could ultimately affect the security state of the operating system. The operating system's IMO/ISSO and SAs must be notified via email and/or monitoring system trap when there is an unauthorized modification of a configuration item.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001744</ident><fixtext fixref="F-60601r902836_fix">Install the "mailx" package on the system:
 

From 7b7742c9e9255b86da730f70c5e76f88cb6fd79a Mon Sep 17 00:00:00 2001
From: svet-se <svetlin.boychev@suse.com>
Date: Wed, 6 Nov 2024 14:09:41 +0200
Subject: [PATCH 3/6] Adjust tmout to 10 minutes for SLES-12-010090

---
 products/sle12/profiles/stig.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/products/sle12/profiles/stig.profile b/products/sle12/profiles/stig.profile
index 56ea042d6fb..12e7d451c2c 100644
--- a/products/sle12/profiles/stig.profile
+++ b/products/sle12/profiles/stig.profile
@@ -18,7 +18,7 @@ selections:
     - sshd_approved_ciphers=stig
     - var_account_disable_post_pw_expiration=35
     - var_accounts_fail_delay=4
-    - var_accounts_tmout=15_min
+    - var_accounts_tmout=10_min
     - inactivity_timeout_value=15_minutes
     - var_password_pam_dcredit=1
     - var_password_pam_delay=4000000

From 3e2d710f5aa96adb723decbcc34b6c45a7c810f5 Mon Sep 17 00:00:00 2001
From: svet-se <svetlin.boychev@suse.com>
Date: Wed, 6 Nov 2024 14:14:12 +0200
Subject: [PATCH 4/6] Remove rule SLES-12-010310

---
 .../accounts_password_pam_pwhistory_remember/rule.yml           | 1 -
 products/sle12/profiles/stig.profile                            | 2 --
 2 files changed, 3 deletions(-)

diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember/rule.yml
index afeea9dbe62..45c87652446 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember/rule.yml
@@ -30,7 +30,6 @@ references:
     disa: CCI-000200
     nist@sle12: IA-5(1)(e),IA-5 (1).1(v)
     srg: SRG-OS-000077-GPOS-00045
-    stigid@sle12: SLES-12-010310
 
 ocil_clause: |-
      the value of remember is not set equal to or greater than {{{ xccdf_value("var_password_pam_remember") }}}
diff --git a/products/sle12/profiles/stig.profile b/products/sle12/profiles/stig.profile
index 12e7d451c2c..1dcf045fc76 100644
--- a/products/sle12/profiles/stig.profile
+++ b/products/sle12/profiles/stig.profile
@@ -26,7 +26,6 @@ selections:
     - var_password_pam_lcredit=1
     - var_password_pam_minlen=15
     - var_password_pam_ocredit=1
-    - var_password_pam_remember=5
     - var_password_pam_retry=3
     - var_password_pam_ucredit=1
     - var_accounts_maximum_age_login_defs=60
@@ -59,7 +58,6 @@ selections:
     - accounts_password_all_shadowed_sha512
     - accounts_passwords_pam_faildelay_delay
     - accounts_passwords_pam_tally2
-    - accounts_password_pam_pwhistory_remember
     - accounts_password_set_max_life_existing
     - accounts_password_set_min_life_existing
     - accounts_tmout

From c80cc033b920d8ef2efd7256d21d448d9c24b50c Mon Sep 17 00:00:00 2001
From: svet-se <svetlin.boychev@suse.com>
Date: Wed, 6 Nov 2024 14:17:37 +0200
Subject: [PATCH 5/6] Remove rule SLES-12-010599

---
 .../agent_mfetpd_running/rule.yml                               | 1 -
 .../package_mcafeetp_installed/rule.yml                         | 1 -
 products/sle12/profiles/stig.profile                            | 2 --
 3 files changed, 4 deletions(-)

diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
index ff5efb08097..1ebc05209cd 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
@@ -24,7 +24,6 @@ references:
     disa: CCI-001263,CCI-000366
     nist: SI-2(2)
     srg: SRG-OS-000191-GPOS-00080
-    stigid@sle12: SLES-12-010599
 
 ocil_clause: 'virus scanning software is not running'
 
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
index fb75fca7711..88d8a4312bc 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
@@ -34,7 +34,6 @@ references:
     nist: SI-2(2)
     srg: SRG-OS-000191-GPOS-00080
     stigid@rhel8: RHEL-08-010001
-    stigid@sle12: SLES-12-010599
     stigid@ubuntu2004: UBTU-20-010415
 
 ocil_clause: 'the package is not installed'
diff --git a/products/sle12/profiles/stig.profile b/products/sle12/profiles/stig.profile
index 1dcf045fc76..41f80c36d7e 100644
--- a/products/sle12/profiles/stig.profile
+++ b/products/sle12/profiles/stig.profile
@@ -68,7 +68,6 @@ selections:
     - accounts_user_interactive_home_directory_defined
     - accounts_user_interactive_home_directory_exists
     - account_temp_expire_date
-    - agent_mfetpd_running
     - aide_build_database
     - aide_check_audit_tools
     - aide_periodic_cron_checking
@@ -221,7 +220,6 @@ selections:
     - package_audit-audispd-plugins_installed
     - package_audit_installed
     - package_mailx_installed
-    - package_mcafeetp_installed
     - package_pam_apparmor_installed
     - package_SuSEfirewall2_installed
     - package_telnet-server_removed

From 0c7df6c3d39e24f52ba10ba0531ce23c22541b00 Mon Sep 17 00:00:00 2001
From: svet-se <svetlin.boychev@suse.com>
Date: Wed, 6 Nov 2024 14:21:00 +0200
Subject: [PATCH 6/6] Remove rule SLES-12-010300

---
 .../file_etc_security_opasswd/ansible/shared.yml                | 2 +-
 .../file_etc_security_opasswd/bash/shared.sh                    | 2 +-
 .../file_etc_security_opasswd/rule.yml                          | 1 -
 products/sle12/profiles/stig.profile                            | 1 -
 4 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml
index 1fc282c25f0..dd9cfafb912 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_slmicro
+# platform = multi_platform_slmicro
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh
index 7e69037f7e9..bba05385826 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_slmicro
+# platform = multi_platform_slmicro
 
 # Create /etc/security/opasswd if needed
 # Owner group mode root.root 0600
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml
index a17c9dd6299..19afb581a93 100644
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml
@@ -25,7 +25,6 @@ references:
     disa: CCI-000200
     nist@sle12: IA-5(1)(e),IA-5(1).1(v)
     srg: SRG-OS-000077-GPOS-00045
-    stigid@sle12: SLES-12-010300
 
 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/security/opasswd", owner="root") }}} and {{{ ocil_clause_file_group_owner(file="/etc/security/opasswd", group="root") }}} and {{{ ocil_clause_file_permissions(file="/etc/security/opasswd", perms="0600") }}}'
 
diff --git a/products/sle12/profiles/stig.profile b/products/sle12/profiles/stig.profile
index 41f80c36d7e..882fd1a16a9 100644
--- a/products/sle12/profiles/stig.profile
+++ b/products/sle12/profiles/stig.profile
@@ -179,7 +179,6 @@ selections:
     - encrypt_partitions
     - ensure_gpgcheck_globally_activated
     - ensure_rtc_utc_configuration
-    - file_etc_security_opasswd
     - file_groupownership_home_directories
     - file_groupownership_system_commands_dirs
     - file_ownership_binary_dirs